Oracle to fix maximum-severity vulnerabilities

Summary:The company's quarterly patch will address critical vulnerabilities that affect hundreds of products

Oracle is to release 24 fixes in its latest quarterly patch, due out on Tuesday.

Critical vulnerabilities affecting Listener for Oracle Database Server, Oracle Secure Backup and Oracle JRockit have been given a CVSS (Common Vulnerability Scoring System) score of 10, indicating maximum severity.

"This Critical Patch Update contains 24 new security vulnerability fixes across hundreds of Oracle products," said an Oracle pre-release announcement for January.

"Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible."

Affected products include Oracle Database; Oracle Application Server; Oracle Access Manager; Oracle E-Business Suite; PeopleSoft Enterprise HCM; Oracle WebLogic Server; Oracle JRockit; and Primavera P6.

Oracle Database will get 10 fixes, two of which are for vulnerabilities that can be remotely exploited over a network without a username or password, while the BEA Products Suite will get five, all remotely exploitable without authentication.

Oracle's last patch, released in October, addressed 38 flaws.

Topics: Security

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.