• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Oracle's April Critical Patch Update Fixes 88 Vulnerabilities

April 19, 2012 By Corey Nachreiner

Yesterday, Oracle released their quarterly Critical Patch Update (CPU) for April 2012. Oracle CPUs are collections of security updates, which fix security flaws in the wide-range of products Oracle offers. According to their April advisory, this quarter’s CPU fixes 88 vulnerabilities in many of their products, including

  • Oracle Database
  • Oracle Application Server
  • Oracle Identity Manager
  • Oracle JDeveloper
  • Oracle PeopleSoft
  • Oracle MySQL Server
  • and many other products.

For a complete list of the affected Oracle products, see the “Affected Products and Components” section of their advisory.

Oracle’s advisory doesn’t describe every flaw in technical detail. However, they do describe their scopes and general impact, as well as assign each of them CVSS severity scores. The 88 vulnerabilities differ greatly in their scope and impact, but the worst of them pose a pretty critical risk. For instance, unauthenticated, remote attackers can exploit a few of the Oracle Database vulnerabilities to gain unauthorized access to your database server. The update also includes a critical fix for JRocket with the highest CVSS score of 10.

If you manage any of the Oracle products listed in their April CPU advisory, I recommend you visit the Patch Availably section of their alert, and download, test and deploy the appropriate updates as soon as you can. — Corey Nachreiner, CISSP (@SecAdept).

Share This:

Related

Filed Under: Security Bytes Tagged With: drive-by download, Oracle, sun, Updates and patches

Comments

  1. sabrinasai says

    April 22, 2012 at 11:50 pm

    Good to know about it.

    Reply
  2. John says

    May 4, 2012 at 1:47 am

    Oracle Technology Network provides services and resources to help developers.

    Reply
  3. Lita Y. Fiesel says

    October 4, 2014 at 6:56 pm

    Hi there I am so thrilled I found your website, I really found you
    by accident, while I was browsing on Google for something else, Regardless I am here now and would just like
    to say cheers for a tremendous post and a all round interesting blog (I also love the theme/design), I don’t have time
    to read it all at the moment but I have bookmarked it and also added in your RSS feeds, so when I have time I will be back to read much more,
    Please do keep up the fantastic work.

    Reply
  4. Justine L. Braver says

    October 5, 2014 at 8:56 pm

    You can certainly see your expertise within the article you write.

    The world hopes for more passionate writers like you
    who are not afraid to mention how they believe. Always go after
    your heart.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • The Qakbot Takedown
  • iPhone’s Latest 0-Day
  • Meta’ One Good Deed

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Meta’ One Good Deed
  • iPhone’s Latest 0-Day
  • The Qakbot Takedown
  • Weaponizing WinRAR
  • U.S. Cyber Trust Mark
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use