Overview Recently, NSFOCUS CERT detected that Oracle issued a security bulletin to fix the remote code execution vulnerability (CVE-2025-61882) in Oracle E-Business Suite; Because Oracle Concurrent Processing (BI Publisher Integration) of Oracle E-Business Suite does not strictly validate and filter user input, unauthenticated attackers can use SSRF, CRLF injection, Vulnerability...
Tag: Oracle
Oracle January Critical Patch Update for All Product Families
Overview On January 19, 2022, NSFOCUS CERT monitoring found that Oracle officially released the CPU (Critical Patch Update) in January. A total of 497 vulnerabilities of varying degrees were fixed this time. This security update involves Oracle WebLogic Server. , Oracle MySQL, Oracle Java SE, Oracle FusionMiddleware, Oracle Retail Applications...
WebLogic Multiple High-Risk Vulnerabilities Threat Alert
Overview On July 21, 2021, NSFOCUS detected that Oracle released the April 2021 Critical Patch Update (CPU), which fixed 342 vulnerabilities of varying risk levels. Among these vulnerabilities, three severe ones are easy to exploit to affect WebLogic. Users are advised to take measures without delay to protect against the...
Oracle July 2021 Critical Patch Update for All Product Families
Overview On July 21, 2021, NSFOCUS detected that Oracle released the July 2021 Critical Patch Update (CPU), which fixed 342 vulnerabilities of varying risk levels. This CPU involves multiple commonly used products, such as Oracle Database Server, Oracle Java SE, Oracle Fusion Middleware, Oracle MySQL, and Oracle Communications. Oracle strongly...
Oracle April 2021 Critical Patch Update for All Product Families
Vulnerability Description On April 21, 2021, NSFOCUS detected that Oracle released the April 2021 Critical Patch Update (CPU), which fixed 400 vulnerabilities of varying risk levels. This CPU involves multiple commonly used products, such as Oracle Database Server, Oracle Java SE, Oracle Fusion Middleware, Oracle MySQL, and Oracle Communications. Oracle...
Oracle Coherence Remote Code Execution Vulnerability (CVE-2020-2915) Threat Alert
Overview On April 14, local time, Oracle released the April Critical Patch Update (CPU) which fixes vulnerabilities that include a critical one (CVE-2020-2915) in Oracle Coherence CPU, with a CVSS score of 9.8. This vulnerability allows unauthenticated attackers with network access via T3 to compromise vulnerable Oracle Coherence. Successful exploitation...
