Security Review of Oracle's April 2023 Critical Patch Update
Oracle Releases Critical Patch Update for Q2 2023
Oracle has released its Critical Patch Update (CPU) for April 2023, the second of its four quarterly updates for the year. The update contains 433 new security patches across Oracle's product lines. Throughout the advisory, a vulnerability is described as "remotely exploitable without authentication" when it can be exploited over a network without requiring user credentials; these are the fixes to prioritise for internet-facing or otherwise reachable systems.
Oracle Essbase, MySQL, and Communications Lead the Way
The update contains four new security patches for Oracle Essbase, all of which are remotely exploitable without authentication. It also includes 34 new security patches for Oracle MySQL, of which 11 are remotely exploitable without authentication. The Oracle Communications product suite receives the largest share, with 77 patches, roughly 18% of the total (77 of 433).
Oracle Communications, Financial Services, and Retail Applications Under Spotlight
The Critical Patch Update for Oracle Communications contains 77 new security patches, of which 65 are remotely exploitable without authentication. The most severe, each with a CVSS v3.1 Base Score of 9.8, are CVE-2022-43401 and CVE-2022-43402, both of which are vulnerabilities in a third-party component bundled with Oracle products rather than in Oracle's own code.
Oracle Financial Services Applications and Oracle Fusion Middleware follow, with 76 and 49 new patches respectively; 59 of the Financial Services patches and 44 of the Fusion Middleware patches address vulnerabilities that are remotely exploitable without authentication. The Critical Patch Update for Oracle Communications Applications contains 18 new security patches, of which 13 are remotely exploitable without authentication; CVE-2020-35168, CVE-2022-1471, and CVE-2022-36760 carry the highest CVSS v3.1 Base Score in that group, 9.8.
The Critical Patch Update for Oracle Retail Applications contains 22 new security patches, 16 of which address vulnerabilities that are remotely exploitable without authentication; the highest CVSS v3.1 Base Score among them is 9.8. Affected products include Oracle Retail Fiscal Management, Oracle Retail Merchandising System, Oracle Retail Invoice Matching, Oracle Retail Price Management, and Oracle Retail Xstore.
Oracle E-Business Suite, Oracle Database Server, and Oracle Enterprise Manager
The Critical Patch Update for Oracle E-Business Suite contains four new security patches; the highest CVSS v3.1 Base Score among them is 6.5, meaning none of these fixes is rated Critical or High. The affected E-Business Suite products are Oracle iReceivables, Oracle iProcurement, Oracle User Management, and Oracle Application Object Library.
The Critical Patch Update for Oracle Enterprise Manager contains four new security patches, three of which address vulnerabilities that are remotely exploitable without authentication; the highest CVSS v3.1 Base Score is 7.5. The affected Enterprise Manager products are Oracle Application Testing Suite and Oracle Enterprise Manager Ops Center.
The Critical Patch Update for Oracle Database Server contains five new security patches, one of which addresses a vulnerability that is remotely exploitable without authentication.
Addressing Third-Party Components
The Critical Patch Update addresses vulnerabilities not only in Oracle's own code but also in third-party components that Oracle bundles with its products. In practice this means the fix for a publicly known library or server vulnerability is delivered through Oracle's patch, so verification should confirm that the Oracle patch itself is applied rather than rely on the upstream component's version string alone.
Non-Oracle CVEs
79% of the security patches in this update are for non-Oracle Common Vulnerabilities and Exposures (CVEs), that is, vulnerabilities originally disclosed in third-party components.
The full list of affected products, CVE identifiers, CVSS vectors, and patch availability is in Oracle's Critical Patch Update advisory, which customers should consult when scheduling the update.