Oracle Issues Nearly 300 Patches in Quarterly Update (Apr 18, 2019)
In the latest Critical Update Patch, Oracle has issued security updates for 297 vulnerabilities. The patches were issued for 110 products on April 16. Some of the products that contained vulnerabilities include the following: Fusion Middleware product set with 42 vulnerabilities. Other products affected are Oracle Communications Applications with 26 security fixes, and the Oracle E-Business Suite, with 35 security fixes, with the majority for remotely exploitable bugs. Oracle Retail Applications received 24 security fixes, with 20 open to potential remote exploitation without authentication.
Recommendation: The Critical Update Patch should be applied as soon as possible due to the nature of the vulnerabilities, and potential for remote exploitation. Additionationally, security policies should be reviewed to ensure security updates are applied immediately. Patches and additional information can be found on Oracle’s security advisory located here: “https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html”
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.