IDG News Service – Oracle is planning to ship 14 patches related to Java SE on Tuesday, including a number with the highest level of severity under the CVSS (common vulnerability scoring system) framework, according to a pre-release announcement on the company’s website.
“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible,” Oracle said.
The patch batch is aimed at security weaknesses in a number of products, including JDK and JRE 7 Update 4 and earlier; JDK and JRE 6 Update 32 and earlier; and JavaFX version 2.1 and earlier, according to the announcement.
A dozen of the 14 fixes can be exploited by an attacker remotely, with no username or password required, Oracle said. A number of the weaknesses have a CVSS base score of 10.0, the highest possible, but Oracle didn’t provide further specifics.
Oracle delivers Java SE patches on a quarterly basis, but on a different schedule than fixes for its other applications and middleware products.
The last Java SE patch release, which was delivered in February, also included 14 fixes.