Multiple high-risk vulnerabilities in Oracle products Alert
On July 15, 2020, Oracle officially released the July security update. This security update fixed 443 vulnerabilities, of which Oracle Fusion Middleware has 52 vulnerability patch updates, mainly covering Oracle Weblogic, Oracle Coherence, Oracle BI Publisher, Oracle Endeca Information Discovery Studio, Oracle Business Intelligence Enterprise Edition, and other products. Of the 52 vulnerability patches in this update, 48 vulnerabilities can be used remotely without authentication.
“Oracle World San Francisco 2006”by stevegarfield is licensed under CC BY-NC-SA 2.0
Vulnerability details
Multiple Deserialization Vulnerabilities in Oracle WebLogic Server
- CVE-2020-14625
- CVE-2020-14644
- CVE-2020-14645
- CVE-2020-14687
Multiple serious vulnerabilities in Oracle Communications Applications
This Critical Patch Update contains 60 new security patches for Oracle Communications Applications. 46 of these vulnerabilities can be remotely exploited without authentication, that is, they can be exploited over the network without user credentials. The serious vulnerability numbers are as follows:
- CVE-2020-14701
- CVE-2020-14606
Multiple serious vulnerabilities in Oracle E-Business Suite
- CVE-2020-14598
- CVE-2020-14599
- CVE-2020-14658
- CVE-2020-14665
Multiple serious vulnerabilities in Oracle Enterprise Manager
- CVE-2020-9546
- CVE-2020-1945
- CVE-2019-0227
Multiple serious vulnerabilities in Oracle Financial Services Applications
- CVE-2019-13990
- CVE-2020-9546
- CVE-2019-2904
- CVE-2017-5645
- CVE-2017-15708
- CVE-2019-13990
- CVE-2019-13990
- CVE-2019-11358
- CVE-2020-1945
- CVE-2020-1945
- CVE-2020-1945
Oracle MySQL
- CVE-2020-1938
Oracle Database Server
- CVE-2020-2968
Solution
In this regard, we recommend that users install the latest patches in a timely manner to avoid being hacked.