Multiple high-risk vulnerabilities in Oracle products Alert

On July 15, 2020, Oracle officially released the July security update. This security update fixed 443 vulnerabilities, of which Oracle Fusion Middleware has 52 vulnerability patch updates, mainly covering Oracle Weblogic, Oracle Coherence, Oracle BI Publisher, Oracle Endeca Information Discovery Studio, Oracle Business Intelligence Enterprise Edition, and other products. Of the 52 vulnerability patches in this update, 48 vulnerabilities can be used remotely without authentication.

Oracle Critical Patch Update July

“Oracle World San Francisco 2006”by stevegarfield is licensed under CC BY-NC-SA 2.0

Vulnerability details

Multiple Deserialization Vulnerabilities in Oracle WebLogic Server

Weblogic has updated multiple deserialization vulnerabilities this time. These vulnerabilities allow unauthenticated attackers to send constructed malicious requests through IIOP and T3 protocols to execute code on Oracle WebLogic Server. The serious vulnerability numbers are as follows:
  • CVE-2020-14625
  • CVE-2020-14644
  • CVE-2020-14645
  • CVE-2020-14687

Multiple serious vulnerabilities in Oracle Communications Applications

This Critical Patch Update contains 60 new security patches for Oracle Communications Applications. 46 of these vulnerabilities can be remotely exploited without authentication, that is, they can be exploited over the network without user credentials. The serious vulnerability numbers are as follows:

  • CVE-2020-14701
  • CVE-2020-14606

Multiple serious vulnerabilities in Oracle E-Business Suite

This Critical Patch Update contains 30 new security patches for Oracle E-Business Suite. 24 of these vulnerabilities can be remotely exploited without authentication, that is, they can be exploited over the network without requiring user credentials. The serious vulnerability numbers are as follows:
  • CVE-2020-14598
  • CVE-2020-14599
  • CVE-2020-14658
  • CVE-2020-14665

Multiple serious vulnerabilities in Oracle Enterprise Manager

his Critical Patch Update contains 14 new security patches for Oracle Enterprise Manager. Ten of these vulnerabilities can be remotely exploited without authentication, that is, they can be used over the network without user credentials. The serious vulnerability numbers are as follows:
  • CVE-2020-9546
  • CVE-2020-1945
  • CVE-2019-0227

Multiple serious vulnerabilities in Oracle Financial Services Applications

This Critical Patch Update contains 38 new security patches for Oracle Financial Services applications. 26 of these vulnerabilities can be exploited remotely without authentication, that is, they can be exploited over the network without requiring user credentials. The serious vulnerability numbers are as follows:
  • CVE-2019-13990
  • CVE-2020-9546
  • CVE-2019-2904
  • CVE-2017-5645
  • CVE-2017-15708
  • CVE-2019-13990
  • CVE-2019-13990
  • CVE-2019-11358
  • CVE-2020-1945
  • CVE-2020-1945
  • CVE-2020-1945

Oracle MySQL

This Critical Patch Update contains 40 new security patches for Oracle MySQL. Six of the vulnerabilities can be exploited remotely without authentication, that is, they can be exploited over the network without requiring user credentials. The serious vulnerability numbers are as follows:
  • CVE-2020-1938

Oracle Database Server

This Critical Patch Update contains 19 new security patches for the Oracle database server. One of these vulnerabilities can be exploited remotely without authentication, that is, these vulnerabilities can be exploited over the network without requiring user credentials. The serious vulnerability numbers are as follows:
  • CVE-2020-2968

Solution

In this regard, we recommend that users install the latest patches in a timely manner to avoid being hacked.