Oracle Patches 301 Vulnerabilities

Thursday, October 18, 2018 @ 04:10 PM gHale

Oracle released its Critical Patch Update for October 2018, fixing 301 vulnerabilities across its product line.

This CPU is the last one scheduled for 2018, and brings the number of vulnerabilities fixed in 2018 to 1,119.


The update for Oracle Fusion Middleware, a bevy of Oracle software products that spans multiple services, carries the greatest number of patches, as expected: 65, according to the Oracle advisory.

All but nine of the 65 vulnerabilities are remotely exploitable without authentication.

Fusion Middleware is followed by Oracle MySQL (38), Oracle Retail Applications (31), and Oracle PeopleSoft (24).

Oracle usually releases Risk Matrices for each vulnerability fixed to help administrators prioritize patches.

Forty-five of the flaws patched this month carry a CVSS (Common Vulnerability Scoring System) score of 9.8 and can be easily exploited by less skilled, unauthenticated, remote attackers over a network.

One vulnerability – CVE-2018-2913 affecting Oracle GoldenGate, a software package for real-time data integration and replication in heterogeneous IT environments – received the maximum CVSS score of 10.0 (for platforms that are not Windows and Linux).

It affects versions 12.1.2.1.0, 12.2.0.2.0 and 12.3.0.1.0, and allows an unauthenticated attacker with network access via TCP to compromise the software.


