In a sign of how serious some of the financial services application vulnerabilities are likely to be, they include one with a critical CVSS score of 9.8, suggesting both high impact and easy exploitability. More details are to follow from Oracle late today.
(CVSS, or the Common Vulnerability Scoring System, is an open industry standard to assess the severity of computer system security vulnerabilities.)
Oracle Security Patches
Among the ones to look out for:
A chunky 74 new security patches for the Oracle E-Business Suite, the vast majority of which (71) are potentially remotely exploitable without authentication.
Further, two remotely exploitable bugs in Oracle Support Tools with a highly critical CVSS score of 9.8. (Oracle provides hundreds of tools to automate and/or optimise manual support processes/conduct diagnostics. Details on precisely which is affected will, again, be revealed when the patches land late April 14.)
Also standing out: 45 new security patches for Oracle’s widely deployed MySQL database, nine of which are potentially remotely exploitable without authentication.
The worst, again, has a critical CVSS score of 9.8.
MySQL Client, versions 5.6.47 and prior, 5.7.29 and prior, 8.0.18 and prior
MySQL Cluster, versions 7.3.28 and prior, 7.4.27 and prior, 7.5.17 and prior, 7.6.13 and prior, 8.0.19 and prior
MySQL Connectors, versions 5.1.48 and prior, 8.0.19 and prior
MySQL Enterprise Monitor, versions 184.108.40.20631 and prior, 220.127.116.117 and prior
MySQL Server, versions 5.6.47 and prior, 5.7.29 and prior, 8.0.19 and prior
MySQL Workbench, versions 8.0.19 and prior
With 56 new security patches for Oracle Fusion Middleware, 49 of which can again be abused by a bad actor over a network without authentication, and ditto for 35 vulns in Oracle Communications Applications (spanning Services Gatekeeper, WebRTC Session Controller and more), sysadmins and IT teams look set for a busy Tuesday evening.
Computer Business Review will bring you more details when the full set of bug fixes lands. Here’s the full overview meanwhile for a quick assessment.