{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2020-004.pdf"
    },
    "title": "Critical Vulnerabilities in Multiple Oracle Products",
    "serial_number": "2020-004",
    "publish_date": "15-01-2020 11:57:00",
    "description": "Oracle has published an advisory about hundreds of critical vulnerabilities that are affecting several of its products. Many of the vulnerabilities can be remotely exploited without authentication and without user interaction. Expedient patching of the affected products is highly recommended.",
    "url_title": "2020-004",
    "content_markdown": "---\ntitle: 'Critical Vulnerabilities in\u00a0Multiple\u00a0Oracle\u00a0Products'\nversion: '1.0'\nnumber: '2020-004'\ndate: 'January 15, 2020'\n---\n\n_History:_\n\n* _15/01/2020 --- v1.0 -- Initial publication_\n\n# Summary\n\nOracle has published an advisory about **hundreds of critical vulnerabilities** that are affecting several of its products [1]. Many of the vulnerabilities can be **remotely exploited without authentication and without user interaction**. Expedient patching of the affected products is highly recommended.\n\n# Technical Details\n\nThe January 2020 Oracle Critical Patch Update contains **334 security patches** for multiple products [1]. These patches address various risks such as remote code execution, denial of service, system takeover, and sensitive data access and modification [2].\n\n# Affected products\n\nThe following product families from Oracle are affected. For details of the affected versions, please consult [1, 2]:\n\n* Enterprise Manager\n* Hyperion\n* Identity Manager\n* Instantis EnterpriseTrack\n* JD Edwards EnterpriseOne\n* MySQL\n* Oracle Agile\n* Oracle Application Testing Suite\n* Oracle AutoVue\n* Oracle Banking\n* Oracle Big Data Discovery\n* Oracle Business Intelligence Enterprise Edition\n* Oracle Clinical\n* Oracle Coherence\n* Oracle Communications\n* Oracle Database Server\n* Oracle Demantra Demand Management\n* Oracle E-Business Suite\n* Oracle Endeca Information Discovery\n* Oracle Enterprise\n* Oracle Financial Services\n* Oracle FLEXCUBE\n* Oracle GraalVM Enterprise Edition\n* Oracle Health Sciences Data Management Workbench\n* Oracle Healthcare Master Person Index\n* Oracle Hospitality\n* Oracle HTTP Server\n* Oracle iLearning\n* Oracle Java SE\n* Oracle Outside In Technology\n* Oracle Real-Time Scheduler\n* Oracle Reports Developer\n* Oracle Retail\n* Oracle Secure Global Desktop\n* Oracle Security Service\n* Oracle Solaris\n* Oracle Tuxedo\n* Oracle Utilities\n* Oracle VM Server for SPARC\n* Oracle VM VirtualBox\n* Oracle WebCenter Sites\n* Oracle WebLogic Server\n* PeopleSoft\n* Primavera\n* Siebel Applications\n* Sun ZFS Storage Appliance Kit\n* Tape Library ACSLS\n\n# Recommendations\n\nIt is recommended to apply the patches from Oracle for all affected products.\n\n# References\n\n[1] <https://www.oracle.com/security-alerts/cpujan2020.html>\n\n[2] <https://www.oracle.com/security-alerts/cpujan2020verbose.html>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>15/01/2020 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>Oracle has published an advisory about <strong>hundreds of critical vulnerabilities</strong> that are affecting several of its products [1]. Many of the vulnerabilities can be <strong>remotely exploited without authentication and without user interaction</strong>. Expedient patching of the affected products is highly recommended.</p><h2 id=\"technical-details\">Technical Details</h2><p>The January 2020 Oracle Critical Patch Update contains <strong>334 security patches</strong> for multiple products [1]. These patches address various risks such as remote code execution, denial of service, system takeover, and sensitive data access and modification [2].</p><h2 id=\"affected-products\">Affected products</h2><p>The following product families from Oracle are affected. For details of the affected versions, please consult [1, 2]:</p><ul><li>Enterprise Manager</li><li>Hyperion</li><li>Identity Manager</li><li>Instantis EnterpriseTrack</li><li>JD Edwards EnterpriseOne</li><li>MySQL</li><li>Oracle Agile</li><li>Oracle Application Testing Suite</li><li>Oracle AutoVue</li><li>Oracle Banking</li><li>Oracle Big Data Discovery</li><li>Oracle Business Intelligence Enterprise Edition</li><li>Oracle Clinical</li><li>Oracle Coherence</li><li>Oracle Communications</li><li>Oracle Database Server</li><li>Oracle Demantra Demand Management</li><li>Oracle E-Business Suite</li><li>Oracle Endeca Information Discovery</li><li>Oracle Enterprise</li><li>Oracle Financial Services</li><li>Oracle FLEXCUBE</li><li>Oracle GraalVM Enterprise Edition</li><li>Oracle Health Sciences Data Management Workbench</li><li>Oracle Healthcare Master Person Index</li><li>Oracle Hospitality</li><li>Oracle HTTP Server</li><li>Oracle iLearning</li><li>Oracle Java SE</li><li>Oracle Outside In Technology</li><li>Oracle Real-Time Scheduler</li><li>Oracle Reports Developer</li><li>Oracle Retail</li><li>Oracle Secure Global Desktop</li><li>Oracle Security Service</li><li>Oracle Solaris</li><li>Oracle Tuxedo</li><li>Oracle Utilities</li><li>Oracle VM Server for SPARC</li><li>Oracle VM VirtualBox</li><li>Oracle WebCenter Sites</li><li>Oracle WebLogic Server</li><li>PeopleSoft</li><li>Primavera</li><li>Siebel Applications</li><li>Sun ZFS Storage Appliance Kit</li><li>Tape Library ACSLS</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>It is recommended to apply the patches from Oracle for all affected products.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.oracle.com/security-alerts/cpujan2020.html\">https://www.oracle.com/security-alerts/cpujan2020.html</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.oracle.com/security-alerts/cpujan2020verbose.html\">https://www.oracle.com/security-alerts/cpujan2020verbose.html</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}