14 DAY TRIAL // Oracle has just released its quarterly security update addressing 73 vulnerabilities across its entire range of products, many of which are rated critical.
Six vulnerabilities were fixed in the Oracle Database Server. Two of them are remotely exploitable without authentication and the highest CVSS score of these flaws is 6.5.
Another nine vulnerabilities were addressed in Oracle Fusion Middleware, six of which can be exploited from a remote location.
One of these flaws, CVE-2010-4452, which is located in Oracle JRockit carries the maximum CVSS score of 10.0.
A single vulnerability was patched in the Oracle Enterprise Manager Grid Control. It carries a CVSS score of 5.5 and is not applicable to client-only installations.
Four security fixes address security holes in Oracle E-Business Suite. Two of them are exploitable over the network without authentication and have a 4.3 CVSS score.
Oracle Supply Chain Products Suite is affected by only one vulnerability, identified as CVE-2011-0837. It is remotely exploitable and carries a CVSS score of 4.3.
Fourteen security holes were plugged in Oracle PeopleSoft Products, the most serious of which carry a score of 5.5 on the CVSS scale. One of the vulnerabilities can be exploited over the network.
Eight security fixes concern Oracle JD Edwards Products and seven of them are remotely exploitable. The highest CVSS base score for these vulnerabilities is 6.8.
Three 4.3-scored remotely exploitable vulnerabilities were also patched in Oracle Siebel CRM and one in Oracle Industry Applications.
The highest number of vulnerabilities, eigtheen, were patched in the Oracle Sun Products Suite, seven of which were remotely exploitable. One flaw located in the Sun GlassFish Enterprise Server and Sun Java System Application Server carries the highest possible CVSS score.
Finally, eight security fixes targeted vulnerabilities in the Oracle Open Office Suite. Seven of them are remotely exploitable and six carry a CVSS base score of 9.3.
"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU [Critical Patch Update] fixes as soon as possible," the company writes in its advisory.