Executive Briefings

Oracle Reportedly Fixes Hundreds of Vulnerabilities That Put Enterprise Data at Risk

Oracle's October security update is one of the largest ever, fixing more than 250 vulnerabilities in enterprise products that are used to store and work with business data, the company reported.

About 40 percent of the patched flaws are located in Oracle E-Business Suite, Oracle Fusion Middleware, Oracle PeopleSoft, Oracle Retail Applications, Oracle JD Edwards, Oracle Supply Chain Products and Oracle Database Server. Many of these flaws can be exploited remotely without authentication to compromise the affected components, according to data analysts.

In total, Oracle's October Critical Patch Update (CPU) contains 253 security fixes across hundreds of products including database servers, networking components, operating systems, application servers and ERP systems.

In databases, 31 flaws were patched in MySQL and 12 in the Oracle Database Server.

"Databases are typically not exposed to the internet, but administrators should plan on patching for CVE-2016-6304, CVE-2016-5598 and CVE-2010-5312 as they are remotely exploitable and attackers can use them after compromising another system on the network," said Amol Sarwate, director of the vulnerability labs at security vendor Qualys.

Read Full Article

About 40 percent of the patched flaws are located in Oracle E-Business Suite, Oracle Fusion Middleware, Oracle PeopleSoft, Oracle Retail Applications, Oracle JD Edwards, Oracle Supply Chain Products and Oracle Database Server. Many of these flaws can be exploited remotely without authentication to compromise the affected components, according to data analysts.

In total, Oracle's October Critical Patch Update (CPU) contains 253 security fixes across hundreds of products including database servers, networking components, operating systems, application servers and ERP systems.

In databases, 31 flaws were patched in MySQL and 12 in the Oracle Database Server.

"Databases are typically not exposed to the internet, but administrators should plan on patching for CVE-2016-6304, CVE-2016-5598 and CVE-2010-5312 as they are remotely exploitable and attackers can use them after compromising another system on the network," said Amol Sarwate, director of the vulnerability labs at security vendor Qualys.

Read Full Article