Oracle’s Latest Critical Patch Update: What’s included and what you need to know!
What is it?
Each quarter, Oracle releases a Critical Patch Update (CPU) bundle with a multitude of important patches, ranging from bug fixes to security fixes. Data Intensity recommends that all customers apply these fixes on a regular cadence to reduce risk and help keep their environments secure and stable.
What’s important in this release?
Our evaluation of the April 2019 CPU identified some very important fixes.
- 296 vulnerabilities, in addition to previously released patches, across the Oracle product range. (Should be applied as soon as possible.)
- 46% open-source components used within Oracle products (e.g., Oracle HTTP Server uses Apache)
- 62.5% non-Oracle vulnerabilities
- 85 are rated either High or Critical by CVSS score (between 7 and 10)
- 6 new vulnerabilities (Highest of which scores 9.1 – Critical)
- Enterprise Manager/Grid Control
  - 11 new vulnerabilities — 7 are remotely exploitable without authentication; highest score is 9.8 (out of 10!)
- Fusion Middleware
  - 53 new vulnerabilities — 42 are remotely exploitable without authentication; highest score is 9.8 (out of 10!)
  - Note: Fusion Middleware is often exposed to the internet, so it is often the highest risk.
- Oracle E-Business Suite
  - 35 new vulnerabilities — 33 (94%) are remotely exploitable with authentication (highest score is 8.2 – High)
- MySQL: 45 new security fixes
Ready to start patching?
To contact Data Intensity for more information regarding the application of these critical patches, use the contact form below.