Security Advisory 2021-002

Release Date:

Critical Vulnerabilities in Multiple Oracle Products

History:

  • 20/01/2021 --- v1.0 -- Initial publication

Summary

Oracle has published an advisory about hundreds of critical vulnerabilities affecting several of its products [1]. Many of the vulnerabilities can be exploited remotely without authentication and without user interaction. Expedient patching of the affected products is highly recommended.

Technical Details

The January 2021 Oracle Critical Patch Update contains 329 security patches for multiple products [1]. These patches address various risks such as remote code execution, denial of service, system takeover, and access to and modification of sensitive data [2].

Affected products

The following product families from Oracle are affected. For details of the affected versions, please consult [1, 2]:

  • Business Intelligence Enterprise Edition
  • Enterprise Manager
  • Hyperion
  • Instantis EnterpriseTrack
  • JD Edwards EnterpriseOne
  • MySQL
  • Oracle Adaptive Access Manager
  • Oracle Agile
  • Oracle Application
  • Oracle Argus Safety
  • Oracle BAM (Business Activity Monitoring)
  • Oracle Banking
  • Oracle BI Publisher
  • Oracle Business
  • Oracle Coherence
  • Oracle Communications
  • Oracle Complex Maintenance, Repair, and Overhaul
  • Oracle Configurator
  • Oracle Data Integrator
  • Oracle Database Server
  • Oracle E-Business Suite
  • Oracle Endeca Information Discovery Integrator
  • Oracle Enterprise
  • Oracle Financial
  • Oracle FLEXCUBE
  • Oracle Fusion Middleware MapViewer
  • Oracle Global
  • Oracle GoldenGate Application Adapters
  • Oracle GraalVM Enterprise Edition
  • Oracle Health Sciences Information Manager
  • Oracle Healthcare Master Person Index
  • Oracle Hospitality
  • Oracle Insurance
  • Oracle Java SE
  • Oracle Managed File Transfer
  • Oracle Outside In Technology
  • Oracle Real-Time Decision Server
  • Oracle Retail
  • Oracle SD-WAN Edge
  • Oracle Secure Backup
  • Oracle Transportation Management
  • Oracle Utilities Framework
  • Oracle VM VirtualBox
  • Oracle WebCenter
  • Oracle WebLogic Server
  • Oracle ZFS Storage Appliance Kit
  • PeopleSoft Enterprise
  • Primavera
  • Siebel Applications
  • StorageTek Tape Analytics SW Tool

Recommendations

It is recommended to apply the patches from Oracle for all affected products.

References

[1] https://www.oracle.com/security-alerts/cpujan2021.html

[2] https://www.oracle.com/security-alerts/cpujan2021verbose.html
