Oracle Critical Updates

Oracle has released its Critical Patch Update for October 2013 to address 127 vulnerabilities across multiple products.
It consists of 51 Java vulnerabilities, 21 have a CVSS scores of at least 9 ie. The attack vector is so hight that an attacker could control the vulnerability to hack the system. 12 vulnerabilities have a CVSS score of 10, which means and attacker could use these vulnerabilities to hijack a system distantly without requiring verification.
Qualys CTO Wolfgang Kandek states that many of the 76 other vulnerabilities addressed in Oracle’s other products allow for remote unauthenticated access for an attacker. Therefore IT admins to apply these patches, predominantly those connecting to applications that are accessible through the internet
This update contains the following security fixes:
• 6 for Oracle Industry Applications
• 1 for Oracle Financial Services Software
• for Oracle Supply Chain Products Suite
• 8 for Oracle PeopleSoft Products
• 9 for Oracle Siebel CRM
• 2 for Oracle Primavera Products Suite
• 17 for Oracle Fusion Middleware
• 4 for Oracle Enterprise Manager Grid Control
• 1 for 51 for Oracle Java SE
• 12 for Oracle and Sun Systems Products Suite
• 2 for Oracle Virtualization
• 8 for Oracle MySQL
• 2 for Oracle Database Oracle E-Business Suite
• 2 for Oracle iLearning
Visit oracle website for more in-depth analysis


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s