Oracle to fix maximum-severity vulnerabilities

The company's quarterly patch will address critical vulnerabilities that affect hundreds of products
Written by Tom Espiner, Contributor

Oracle is to release 24 fixes in its latest quarterly patch, due out on Tuesday.

Critical vulnerabilities affecting Listener for Oracle Database Server, Oracle Secure Backup and Oracle JRockit have been given a CVSS (Common Vulnerability Scoring System) score of 10, indicating maximum severity.

"This Critical Patch Update contains 24 new security vulnerability fixes across hundreds of Oracle products," said an Oracle pre-release announcement for January.

"Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible."

Affected products include Oracle Database; Oracle Application Server; Oracle Access Manager; Oracle E-Business Suite; PeopleSoft Enterprise HCM; Oracle WebLogic Server; Oracle JRockit; and Primavera P6.

Oracle Database will get 10 fixes, two of which are for vulnerabilities that can be remotely exploited over a network without a username or password, while the BEA Products Suite will get five, all remotely exploitable without authentication.

Oracle's last patch, released in October, addressed 38 flaws.
