Connect with us

Hi, what are you looking for?



Oracle to Patch 113 Security Vulnerabilities in Critical Update

Oracle plans to issue a massive security update Tuesday that addresses 113 vulnerabilities.

Oracle plans to issue a massive security update Tuesday that addresses 113 vulnerabilities.

Twenty of the security fixes are aimed at Oracle Java SE. All of these bugs can be exploited remotely without authentication. According to Oracle, the Java SE components fixed in the update affect Java SE and JRockit. The highest CVSS Base Score of the vulnerabilities is 10 – the highest criticality score available.

The update also contains 29 new security fixes for Oracle Fusion Middleware. Twenty-seven of the vulnerabilities are remotely exploitable over a network without the need for a username and password. The highest CVSS Base Score of vulnerabilities affecting Oracle Fusion Middleware is 7.5. The vulnerabilities are in: BI Publisher, GlassFish Communications Server, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle HTTP Server, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Oracle JDeveloper, Traffic Director, WebCenter Portal and WebLogic Server.

Other vulnerabilities set to be addressed affect the following products: Oracle Database Server (5); Oracle Hyperion (7); Oracle Enterprise Grid Manager (1); Oracle E-Business Suite (5); Supply Chain Products Suite (3); PeopleSoft (5); Siebel CRM (6); Oracle Communications Messaging Server (1); Oracle Retail Applications (3); Oracle Virtualization (15); Oracle and Sun Systems Products Suite (3); and MySQL (10).

“While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory,” Oracle stated in the advisory.

“Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products,” according to the company. “Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible.”

“Oracle Database server may only have five vulnerabilities being resolved, but one or more of those have a CVSS base score of 9.0,” said Chris Goettl, program product manager for Shavlik Technologies. “Several other products like Fusion, Virtualization and Retail Applications have CVSS base scores of 7.5 and the rest start to fall steadily from there, but one fairly common theme is they are remotely executable without the need for authentication. Companies running a lot of Oracle software should take some time on Tuesday and review what solutions they have and where they are to see if immediate action is necessary. Again, for Java, the urgency is going to be far greater. If you don’t have a breaking dependency on a specific version it would be a good idea to rollout these updates as soon as you can.”

Advertisement. Scroll to continue reading.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.