Oracle to fix maximum-severity vulnerabilities

Summary: The company's quarterly patch will address critical vulnerabilities that affect hundreds of products

TOPICS: Security

Oracle is to release 24 fixes in its latest quarterly patch, due out on Tuesday.

Critical vulnerabilities affecting Listener for Oracle Database Server, Oracle Secure Backup and Oracle JRockit have been given a CVSS (Common Vulnerability Scoring System) score of 10, indicating maximum severity.

"This Critical Patch Update contains 24 new security vulnerability fixes across hundreds of Oracle products," said an Oracle pre-release announcement for January.

"Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible."

Affected products include Oracle Database; Oracle Application Server; Oracle Access Manager; Oracle E-Business Suite; PeopleSoft Enterprise HCM; Oracle WebLogic Server; Oracle JRockit; and Primavera P6.

Oracle Database will get 10 fixes, two of which are for vulnerabilities that can be remotely exploited over a network without a username or password, while the BEA Products Suite will get five, all remotely exploitable without authentication.

Oracle's last patch, released in October, addressed 38 flaws.

Tom Espiner
