Oracle this week announced the availability of its first cumulative set of security fixes for 2021, which includes a total of 329 new patches.
The January 2021 Critical Patch Update (CPU) addresses issues in both Oracle products and third-party components that are included in the company’s products, with some of the patches meant to address multiple vulnerabilities, some reported more than a year ago.
The January 2021 CPU also includes fixes for CVE-2020-14750, an exploited vulnerability in WebLogic Server, which Oracle addressed with the release of an out-of-band update on November 1, 2020.
Oracle’s quarterly collection of patches brings fixes for more than 20 products across the tech giant’s portfolio, with Fusion Middleware being affected the most: it received 60 patches, with 47 of the resolved vulnerabilities being remotely exploitable, without authentication.
Financial Services Applications comes in second, with a total of 50 fixes and 41 vulnerabilities that unauthenticated attackers can exploit remotely, followed by MySQL at 43 patches and 5 remotely exploitable, without authentication.
Retail Applications, with 32 patches and 20 vulnerabilities that can be exploited remotely without authentication, and E-Business Suite, with 31 fixes and 29 bugs remotely exploitable by unauthenticated attackers, round up the top five most impacted products.
Virtualization received 17 patches this month, but none of the addressed vulnerabilities could be exploited remotely without authentication. However, all of those addressed by the 11 fixes released for Supply Chain could be.
Oracle also released patches for Communications (12 fixes – 7 flaws remotely exploitable without authentication), Enterprise Manager (8 – 8), PeopleSoft (8 – 6), Communications Applications (8 – 6), Database Server (8 – 1), Construction and Engineering (7 – 5), Hyperion (7 – 5), JD Edwards (5 – 5), Health Sciences Applications (5 – 3), Systems (4 – 3), Siebel CRM (4 – 1), Insurance Applications (3 – 1), GraalVM (2 – 2), Food and Beverage Applications (2 – 1), Java SE (1 – 1), and Utilities Applications (1 – 1).
The tech company says that it continues to receive reports of threat actors attempting to exploit patched vulnerabilities, and it has advised customers to install the available updates as soon as possible, to ensure they are protected from such attacks.
Oracle’s next set of quarterly patches will be released on April 20, 2021.
Related: Recent Oracle WebLogic Vulnerability Exploited to Deliver DarkIRC Malware
Related: Oracle’s October 2020 CPU Contains 402 New Security Patches
More from Ionut Arghire
- Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes
- NBA Notifying Individuals of Data Breach at Mailing Services Provider
- Adobe Acrobat Sign Abused to Distribute Malware
- Latitude Financial Services Data Breach Impacts 300,000 Customers
- US Government Warns Organizations of LockBit 3.0 Ransomware Attacks
- New ‘Trigona’ Ransomware Targets US, Europe, Australia
- New Espionage Group ‘YoroTrooper’ Targeting Entities in European, CIS Countries
- CISA Seeks Public Opinion on Cloud Application Security Guidance
Latest News
- Aembit Scores $16.6M Seed Funding for Workload IAM Technology
- Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes
- Waterfall Security, TXOne Networks Launch New OT Security Appliances
- Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm
- NBA Notifying Individuals of Data Breach at Mailing Services Provider
- Adobe Acrobat Sign Abused to Distribute Malware
- New York Man Arrested for Running BreachForums Cybercrime Website
- Huawei Has Replaced Thousands of US-Banned Parts With Chinese Versions: Founder
