Oracle

Oracle July 2021 Critical Patch Update for All Product Families

August 2, 2021

Overview On July 21, 2021, NSFOCUS detected that Oracle released the July 2021 Critical Patch Update (CPU), which fixed 342 vulnerabilities of varying risk levels. This CPU involves multiple commonly used products, such as Oracle Database Server, Oracle Java SE, Oracle Fusion Middleware, Oracle MySQL, and Oracle Communications. Oracle strongly recommends that users fix these […]

Oracle April 2021 Critical Patch Update for All Product Families

May 17, 2021

Vulnerability Description On April 21, 2021, NSFOCUS detected that Oracle released the April 2021 Critical Patch Update (CPU), which fixed 400 vulnerabilities of varying risk levels. This CPU involves multiple commonly used products, such as Oracle Database Server, Oracle Java SE, Oracle Fusion Middleware, Oracle MySQL, and Oracle Communications. Oracle strongly recommends users fix these […]

Oracle Coherence Remote Code Execution Vulnerability (CVE-2020-2915) Threat Alert

April 28, 2020

Overview

On April 14, local time, Oracle released the April Critical Patch Update (CPU) which fixes vulnerabilities that include a critical one (CVE-2020-2915) in Oracle Coherence CPU, with a CVSS score of 9.8.

This vulnerability allows unauthenticated attackers with network access via T3 to compromise vulnerable Oracle Coherence. Successful exploitation of it could result in takeover of Oracle Coherence, hence remote code execution.

Products that use Oracle Coherence are affected by this vulnerability. The installation package of WebLogic Server 11g Release (10.3.4) and later has the Oracle Coherence library integrated by default. (more…)

Oracle April 2020 Critical Patch Update for All Product Families Threat Alert

April 26, 2020

Overview

On April 14, 2020, local time, Oracle released its own security advisory and third-party security advisories for its April 2020 Critical Patch Update (CPU) which fix 397 vulnerabilities of varying severity levels across the product families. For details about affected products and available patches, visit the following link:

(more…)

Oracle Coherence Deserialization Remote Code Execution Vulnerability (CVE-2020-2555) Threat Alert

March 20, 2020

Vulnerability Description

On January 15, 2020, Oracle released Critical Patch Update (CPU) for January 2020 that fixes 334 vulnerabilities of different risk levels, including a remote code execution vulnerability (CVE-2020-2555) with the CVSS score of 9.8 in the deserialization by Oracle Coherence deserialization. This vulnerability allows an unauthenticated attacker to launch attacks via a crafted T3 request. A successful exploitation of this vulnerability could lead to arbitrary code execution on the target host. Products that use Oracle Coherence are affected by this vulnerability. The installation package of WebLogic Server 11g Release 10.3.4 and later has the Oracle Coherence library integrated by default. (more…)

Oracle family key patch update January 2020 Security Alert

January 28, 2020

Overview

On January 14, 2020, Oracle officially announced critical patch update (CPU) security announcement and third-party security announcement, and fixed 334 vulnerabilities. See the appendix table for the affected conditions and available patches of each product.

(more…)

Oracle July 2019 Critical Patch Update for All Product Families Threat Alert

July 26, 2019

Overview

On July 16, 2019, local time, Oracle released its own security advisory and third-party security advisories for its January 2019 Critical Patch Update (CPU) which fix 319 vulnerabilities of varying severity levels across the product families. For details about affected products and available patches, visit the following link:

For more details, see Oracle’s official security advisories from the following link:

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html (more…)

Oracle April 2019 Critical Patch Update for All Product Families Threat Alert

April 30, 2019

Overview

On April 16, 2019, local time, Oracle released its security advisory of the Critical Patch Update (CPU) for the second quarter. The CPU fixes 297 vulnerabilities of varying severity levels across the product families. For details about affected products and available patches, visit the following link:

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html (more…)

Oracle January 2019 Critical Patch Update Security Advisory for All Product Families

January 22, 2019

Overview

On January 15, 2019, local time, Oracle released its own security advisory and third-party security advisories for its January 2019 Critical Patch Update (CPU) which fix 284 vulnerabilities of varying severity levels across the product families. For details about affected products and available patches, see the appendix. (more…)

Oracle October 2018 Critical Patch Update for All Product Families Threat Alert

October 22, 2018

Overview

On October 16, 2018, local time, Oracle released its quarterly security advisory of the Critical Patch Update (CPU) for the third quarter. The CPU fixes 301 vulnerabilities of varying severity levels across the product families. For details about affected products and available patches, see the appendix. (more…)