Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Oracle Releases 508 New Security Patches With July 2023 CPU

Oracle has released 508 new security patches as part of the July 2023 CPU, including more than 70 that address critical vulnerabilities

Oracle on Tuesday announced the release of 508 new security patches as part of the July 2023 CPU, including more than 75 patches that resolve critical-severity vulnerabilities.

More than 350 of the security patches address vulnerabilities that can be exploited remotely, without authentication. Some of these flaws impact multiple products, Oracle’s advisory reveals.

As part of this quarterly set of security updates, Financial Services received the largest number of patches, at 147. Of the resolved vulnerabilities, 115 can be exploited by remote, unauthenticated attackers with network access.

Oracle’s July 2023 CPU includes 77 security patches for Communications, with 57 of the flaws remotely exploitable without authentication.

Fusion Middleware received 60 security patches, including fixes for 40 remotely exploitable, unauthenticated bugs. Communications Applications (40 patches – 30 issues exploitable remotely without authentication), Analytics (32 – 23), and MySQL (24 – 11) received numerous fixes as well.

On Tuesday, Oracle also announced patches for Utilities Applications, Supply Chain, Retail Applications, Java SE, PeopleSoft, Siebel CRM, Commerce, Enterprise Manager, Construction and Engineering, E-Business Suite, JD Edwards, and over a dozen other products.

Successful exploitation of some of these vulnerabilities may lead to complete application or system compromise, Oracle says. Many of the updates also include additional third-party patches. 

On Tuesday, Oracle also released the July 2023 Solaris bulletin, which includes 17 new security patches, including 11 for vulnerabilities that are remotely exploitable, without authentication. Two of the vulnerabilities are rated ‘critical severity’.

Advertisement. Scroll to continue reading.

The tech giant also announced the release of 42 new security patches as part of its July 2023 Linux bulletin.

Customers are advised to apply the available patches in a timely manner, or to block network access to unpatched applications, to reduce the risk of an attack. Unpatched Oracle products are known to have been targeted in the wild.

“Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches,” the tech giant notes.

Related: Oracle Releases 433 New Security Patches With April 2023 CPU

Related: Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication

Related: Oracle’s First Security Update for 2023 Includes 327 New Patches

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Coro, a provider of cybersecurity solutions for SMBs, has appointed Joe Sykora as CEO.

SonicWall has hired Rajnish Mishra as Senior Vice President and Chief Development Officer.

Kenna Security co-founder Ed Bellis has joined Empirical Security as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.