Connect with us

Hi, what are you looking for?



Oracle’s January 2021 CPU Contains 329 New Security Patches

Oracle this week announced the availability of its first cumulative set of security fixes for 2021, which includes a total of 329 new patches.

Oracle this week announced the availability of its first cumulative set of security fixes for 2021, which includes a total of 329 new patches.

The January 2021 Critical Patch Update (CPU) addresses issues in both Oracle products and third-party components that are included in the company’s products, with some of the patches meant to address multiple vulnerabilities, some reported more than a year ago.

The January 2021 CPU also includes fixes for CVE-2020-14750, an exploited vulnerability in WebLogic Server, which Oracle addressed with the release of an out-of-band update on November 1, 2020.

Oracle’s quarterly collection of patches brings fixes for more than 20 products across the tech giant’s portfolio, with Fusion Middleware being affected the most: it received 60 patches, with 47 of the resolved vulnerabilities being remotely exploitable, without authentication.

Financial Services Applications comes in second, with a total of 50 fixes and 41 vulnerabilities that unauthenticated attackers can exploit remotely, followed by MySQL at 43 patches and 5 remotely exploitable, without authentication.

Retail Applications, with 32 patches and 20 vulnerabilities that can be exploited remotely without authentication, and E-Business Suite, with 31 fixes and 29 bugs remotely exploitable by unauthenticated attackers, round up the top five most impacted products.

Virtualization received 17 patches this month, but none of the addressed vulnerabilities could be exploited remotely without authentication. However, all of those addressed by the 11 fixes released for Supply Chain could be.

Oracle also released patches for Communications (12 fixes – 7 flaws remotely exploitable without authentication), Enterprise Manager (8 – 8), PeopleSoft (8 – 6), Communications Applications (8 – 6), Database Server (8 – 1), Construction and Engineering (7 – 5), Hyperion (7 – 5), JD Edwards (5 – 5), Health Sciences Applications (5 – 3), Systems (4 – 3), Siebel CRM (4 – 1), Insurance Applications (3 – 1), GraalVM (2 – 2), Food and Beverage Applications (2 – 1), Java SE (1 – 1), and Utilities Applications (1 – 1).

Advertisement. Scroll to continue reading.

The tech company says that it continues to receive reports of threat actors attempting to exploit patched vulnerabilities, and it has advised customers to install the available updates as soon as possible, to ensure they are protected from such attacks.

Oracle’s next set of quarterly patches will be released on April 20, 2021.

Related: Recent Oracle WebLogic Vulnerability Exploited to Deliver DarkIRC Malware

Related: Oracle’s October 2020 CPU Contains 402 New Security Patches

Related: Oracle’s July 2020 CPU Includes 443 New Patches

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.


People on the Move

Data security startup Reco adds Merritt Baer as CISO

Chris Pashley has been named CISO at Advanced Research Projects Agency for Health (ARPA-H).

Satellite cybersecurity company SpiderOak has named Kip Gering as its new Chief Revenue Officer.

More People On The Move

Expert Insights