Connect with us

Hi, what are you looking for?



Oracle Releases 508 New Security Patches With July 2023 CPU

Oracle has released 508 new security patches as part of the July 2023 CPU, including more than 70 that address critical vulnerabilities

Oracle on Tuesday announced the release of 508 new security patches as part of the July 2023 CPU, including more than 75 patches that resolve critical-severity vulnerabilities.

More than 350 of the security patches address vulnerabilities that can be exploited remotely, without authentication. Some of these flaws impact multiple products, Oracle’s advisory reveals.

As part of this quarterly set of security updates, Financial Services received the largest number of patches, at 147. Of the resolved vulnerabilities, 115 can be exploited by remote, unauthenticated attackers with network access.

Oracle’s July 2023 CPU includes 77 security patches for Communications, with 57 of the flaws remotely exploitable without authentication.

Fusion Middleware received 60 security patches, including fixes for 40 remotely exploitable, unauthenticated bugs. Communications Applications (40 patches – 30 issues exploitable remotely without authentication), Analytics (32 – 23), and MySQL (24 – 11) received numerous fixes as well.

On Tuesday, Oracle also announced patches for Utilities Applications, Supply Chain, Retail Applications, Java SE, PeopleSoft, Siebel CRM, Commerce, Enterprise Manager, Construction and Engineering, E-Business Suite, JD Edwards, and over a dozen other products.

Successful exploitation of some of these vulnerabilities may lead to complete application or system compromise, Oracle says. Many of the updates also include additional third-party patches. 

Advertisement. Scroll to continue reading.

On Tuesday, Oracle also released the July 2023 Solaris bulletin, which includes 17 new security patches, including 11 for vulnerabilities that are remotely exploitable, without authentication. Two of the vulnerabilities are rated ‘critical severity’.

The tech giant also announced the release of 42 new security patches as part of its July 2023 Linux bulletin.

Customers are advised to apply the available patches in a timely manner, or to block network access to unpatched applications, to reduce the risk of an attack. Unpatched Oracle products are known to have been targeted in the wild.

“Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches,” the tech giant notes.

Related: Oracle Releases 433 New Security Patches With April 2023 CPU

Related: Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication

Related: Oracle’s First Security Update for 2023 Includes 327 New Patches

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.