Oracle's quarterly patch cycle covers a large number of vulnerabilities in Java SE, databases and Web Services, many of them critical.
On patch Tuesday, Oracle released a total of 253 patches and fixes for vulnerabilities in 76 products. This quarterly update includes 15 vulnerabilities rated CVSS 9 or higher.
Because of the number of critical vulnerabilities, Oracle recommends that users install the patches as quickly as possible. According to the manufacturer, there are repeatedly incidents of attacks, and also of successful attacks.
The affected products include, among others, Oracle Database Server, Oracle E-Business Suite, Oracle Industry Applications, Oracle Fusion Middleware, Oracle Sun Products, Oracle Java SE and MySQL, Oracle says in a blog post.
The most serious vulnerabilities, rated 9.8, narrowly miss the highest rating of 10.0. They are found in Oracle Big Data Discovery, Oracle Web Services, Oracle Commerce Platform, Oracle Retail Customer Insights, Oracle Retail Merchandising Insights and WebLogic over HTTP. Unauthorized users could exploit them without authentication over the network via HTTP or other protocols, or influence Java SE.
In addition to numerous vulnerabilities in Oracle Database Server, Oracle is closing weaknesses in over 70 products. (Image: Oracle)
An attacker could thus gain full control of Java SE, which could also make other products vulnerable. Other vulnerabilities can only be exploited with the help of another person. Oracle rates three vulnerabilities in Java SE at 9.6. The 2D, AWT and Hotspot components are affected (in Java SE Embedded).
A vulnerability in the MscObieeSrvlt component of Oracle Advanced Supply Chain Planning is rated 9.1. The flaw in OJVM in various versions of Oracle Database Server is also rated 9.1. Furthermore, an attacker who can create sessions and procedures and has network access via multiple protocols can manipulate OJVM. An attacker is able to bring OJVM completely under their control, and other products could be affected as well.
For Oracle Database Server, the manufacturer released a total of 12 new security updates. Here, too, a vulnerability could be exploited remotely without authentication. In addition, there are two vulnerabilities in Oracle Secure Backup; here, too, unauthorized access over the network is possible. The same is true for Oracle Big Data Graph.
Anyone still using the Sun Ray workplace concept should also fix the OpenSSL bug, which is rated with a CVSS score of 8.2. The vulnerability allows Sun Ray OS to be crashed.
Given the sometimes high risk posed by these vulnerabilities, Oracle is repeatedly criticized for fixing them on a quarterly basis. Other manufacturers, such as SAP or Microsoft, make an effort to fix security vulnerabilities on a monthly basis.