Oracle Critical Patch Update - July 2022
History:
- 22/07/2022 --- v1.0 -- Initial publication
Summary
On July 19th, 2022, Oracle released their quarterly Critical Patch Update advisory, a collection of patches that addresses multiple critical security flaws, affecting several of their products [1]. Many of these vulnerabilities may be remotely exploited without the need for user credentials. It is therefore highly recommended to apply the security patches without delay.
Technical Details
The July 2022 Critical Patch Update contains 349 new security patches, many of which tackle critical vulnerabilities that are easily exploitable and can lead to system takeover, Denial of Service (DOS), and unauthorised creation, deletion or modification access to critical data [2].
Affected Products
The following 37 Oracle product families are affected. For further details (e.g., affected versions), please consult Oracle’s official page [1, 2]:
- Oracle Database Server
- Oracle Autonomous Health Framework
- Oracle Berkeley DB
- Oracle Big Data Graph
- Oracle Blockchain Platform
- Oracle Essbase
- Oracle Global Lifecycle Management
- Oracle GoldenGate
- Oracle Graph Server and Client
- Oracle NoSQL Database
- Oracle REST Data Services
- Oracle Spatial Studio
- Oracle SQL Developer
- Oracle TimesTen In-Memory Database
- Oracle Commerce
- Oracle Communications Applications
- Oracle Communications
- Oracle Construction and Engineering
- Oracle E-Business Suite
- Oracle Enterprise Manager
- Oracle Financial Services Applications
- Oracle Food and Beverage Applications
- Oracle Fusion Middleware
- Oracle Health Sciences Applications
- Oracle HealthCare Applications
- Oracle Hospitality Applications
- Oracle Java SE
- Oracle JD Edwards
- Oracle MySQL
- Oracle PeopleSoft
- Oracle Policy Automation
- Oracle Retail Applications
- Oracle Siebel CRM
- Oracle Supply Chain
- Oracle Systems
- Oracle Utilities Applications
- Oracle Virtualization
Recommendations
It is recommended to apply the patches for all affected products as soon as possible.
References
[1] https://www.oracle.com/security-alerts/cpujul2022.html
[2] https://www.oracle.com/security-alerts/cpujul2022verbose.html