Oracle on Tuesday announced the release of its latest quarterly Critical Patch Update (CPU), which includes a total of 419 security patches for vulnerabilities across the company’s portfolio.
Just over half of the patches address vulnerabilities that could be exploited remotely without authentication, Oracle announced.
Of the 419 new security patches in the October 2021 CPU, 36 deal with critical vulnerabilities, one of which has a CVSS score of 10. The CPU also addresses 60 vulnerabilities that have a CVSS score between 8 and 9.
Oracle Communications received the largest number of patches in this CPU, at 71. Of these, 56 vulnerabilities could be exploited remotely without authentication.
MySQL also received a large number of fixes, namely 66. Exploitation of 10 of the addressed issues can be carried out remotely, without authentication.
Financial Services Applications received 44 security patches (26 of the vulnerabilities could be exploited by remote, unauthenticated attackers), while Fusion Middleware received 38 (30 security holes remotely exploitable without authentication).
Other Oracle software to have received more than ten security fixes includes Retail Applications (26 patches – including 9 flaws remotely exploitable without authentication), Communications Applications (19 – 14), E-Business Suite (18 – 4), PeopleSoft (17 – 8), Insurance Applications (16 – 11), Java SE (15 – 13), Construction and Engineering (12 – 7), and JD Edwards (11 – 8).
Oracle also released security patches for Commerce, Database Server, Essbase, Enterprise Manager, GoldenGate, Graph Server and Client, Health Sciences Applications, Hospitality Applications, Hyperion, REST Data Services, Secure Backup, Siebel CRM, Supply Chain, Systems, Utilities Applications, and Virtualization.
The company announced that, while no new patches were released for Global Lifecycle Management, NoSQL, Spatial Studio, and SQL Developer, updates rolling out for them address third-party vulnerabilities.
Some of the security patches released for other Oracle software address additional vulnerabilities as well, including in third-party components.
As usual, Oracle urges users and administrators to apply the newly released patches in a timely manner, warning that attackers are constantly targeting known vulnerabilities in its products, for which fixes are available.
“In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay,” the company says.
Oracle plans to release the next quarterly CPU on January 18, 2022.