Oracle has released a massive Critical Patch Update (CPU) for July, addressing 334 security vulnerabilities covering a vast swathe of its enterprise portfolio.

Of the 334 vulnerabilities covered this month, 61 are rated critical, with a CVSS rating between nine and 10. Oracle said in its advisory Tuesday that it has observed several exploits operating in the wild, across the spectrum of security holes, so applying the update should be at the top of the to-do list for administrators.

The update marks an all-time high for CPU fixes for the vendor, overtaking its previous record of 308 in July 2017. Not that large numbers of fixes are uncommon: In its previous CPU in April, it fixed 251 flaws and before that, in January, it addressed 233.

Oracle’s business-critical applications are heavily represented, with the majority of the patches in the CPU issued for the widely deployed PeopleSoft enterprise resource planning platform, the E-Business Suite, the MySQL database, Siebel CRM, the Fusion middleware, JD Edwards products and more. Taken together, these systems house the most sensitive information for any company, including financial information, HR data, vertical-specific information like student grades and loans or healthcare PHI, plus strategic operational data on business processes and intellectual property.

About 65 percent of the flaws can be exploited remotely without entering credentials, according to an analysis today from ERPScan. Oracle’s financial services applications received the most patches (56), followed by Fusion middleware (44), and then retail applications and the MySQL database (31 respectively). Java patches were also issued – but only eight of them, which is a 75 percent drop from last year’s July CPU.