Multiple high-risk vulnerabilities in Oracle products Alert

by ddos · July 15, 2020

On July 15, 2020, Oracle officially released the July security update. This security update fixed 443 vulnerabilities, of which Oracle Fusion Middleware has 52 vulnerability patch updates, mainly covering Oracle Weblogic, Oracle Coherence, Oracle BI Publisher, Oracle Endeca Information Discovery Studio, Oracle Business Intelligence Enterprise Edition, and other products. Of the 52 vulnerability patches in this update, 48 vulnerabilities can be used remotely without authentication.

“Oracle World San Francisco 2006”by stevegarfield is licensed under CC BY-NC-SA 2.0

Vulnerability details

Multiple Deserialization Vulnerabilities in Oracle WebLogic Server

Weblogic has updated multiple deserialization vulnerabilities this time. These vulnerabilities allow unauthenticated attackers to send constructed malicious requests through IIOP and T3 protocols to execute code on Oracle WebLogic Server. The serious vulnerability numbers are as follows:

CVE-2020-14625
CVE-2020-14644
CVE-2020-14645

CVE-2020-14687

Multiple serious vulnerabilities in Oracle Communications Applications

This Critical Patch Update contains 60 new security patches for Oracle Communications Applications. 46 of these vulnerabilities can be remotely exploited without authentication, that is, they can be exploited over the network without user credentials. The serious vulnerability numbers are as follows:

CVE-2020-14701

CVE-2020-14606

Multiple serious vulnerabilities in Oracle E-Business Suite

This Critical Patch Update contains 30 new security patches for Oracle E-Business Suite. 24 of these vulnerabilities can be remotely exploited without authentication, that is, they can be exploited over the network without requiring user credentials. The serious vulnerability numbers are as follows:

CVE-2020-14598
CVE-2020-14599

CVE-2020-14658
CVE-2020-14665

Multiple serious vulnerabilities in Oracle Enterprise Manager

his Critical Patch Update contains 14 new security patches for Oracle Enterprise Manager. Ten of these vulnerabilities can be remotely exploited without authentication, that is, they can be used over the network without user credentials. The serious vulnerability numbers are as follows:

CVE-2020-9546

CVE-2020-1945
CVE-2019-0227

Multiple serious vulnerabilities in Oracle Financial Services Applications

This Critical Patch Update contains 38 new security patches for Oracle Financial Services applications. 26 of these vulnerabilities can be exploited remotely without authentication, that is, they can be exploited over the network without requiring user credentials. The serious vulnerability numbers are as follows:

CVE-2019-13990

CVE-2020-9546
CVE-2019-2904
CVE-2017-5645

CVE-2017-15708
CVE-2019-13990
CVE-2019-13990

CVE-2019-11358
CVE-2020-1945
CVE-2020-1945

CVE-2020-1945

Oracle MySQL

This Critical Patch Update contains 40 new security patches for Oracle MySQL. Six of the vulnerabilities can be exploited remotely without authentication, that is, they can be exploited over the network without requiring user credentials. The serious vulnerability numbers are as follows:

CVE-2020-1938

Oracle Database Server

This Critical Patch Update contains 19 new security patches for the Oracle database server. One of these vulnerabilities can be exploited remotely without authentication, that is, these vulnerabilities can be exploited over the network without requiring user credentials. The serious vulnerability numbers are as follows:

CVE-2020-2968

Solution

In this regard, we recommend that users install the latest patches in a timely manner to avoid being hacked.

Multiple high-risk vulnerabilities in Oracle products Alert

Oracle Database Server

Solution

Search

Brilliantly

Content & Links