Jan 18, 2011 09:58 GMT

Oracle's Critical Patch Update, scheduled to land tomorrow, will address a total of 66 security vulnerabilities affecting numerous versions of its products.

Several vulnerabilities carry the maximum Common Vulnerability Scoring System (CVSS) 2.0 base score of 10.0. They affect Audit Vault, JRockit, Solaris and the WebLogic Server.

Six of the vulnerabilities that will be patched affect components of the Oracle Database Server. Two of them are remotely exploitable and the most critical one has a CVSS score of 7.5.

The Oracle Secure Backup product is affected by one remotely exploitable vulnerability that will be fixed. It has a 6.4 CVSS base score and is located in mod_ssl.

Oracle Audit Vault is also affected by a single vulnerability that can be attacked remotely without authentication and, as previously mentioned, carries a score of 10.0.

Sixteen flaws will be addressed in applications that are part of the Oracle Fusion Middleware software pack. Twelve of them are remotely exploitable.

Oracle Enterprise Manager Grid Control will also get fixes for two vulnerabilities exhibiting remote attack vectors, the most severe of which carries a 7.5 score.

Two remotely exploitable vulnerabilities will be patched in the Oracle Applications, but their highest CVSS base score is only 4.3.

Three flaws will be addressed in programs from the Oracle Supply Chain Products Suite. None of them can be exploited from a remote location and their maximum score is 3.5.

The Oracle PeopleSoft and JDEdwards Suite contains 10 vulnerabilities that will receive patches. Two are remotely exploitable and carry a score of 5.5.

The Oracle Industry Applications will get security fixes for two flaws, only one of which allows for remote attacks and is rated with a score of 7.5.

Two remotely exploitable vulnerabilities, with a high score of 9.3, will be addressed in the popular Oracle Open Office Suite, which includes Open Office, StarOffice and StarSuite.

However, the largest number of patches, 21, will be delivered for vulnerabilities in the Oracle Sun Products Suite, which includes the Solaris operating system and the VirtualBox virtualization software. Nine of them are remotely exploitable and the maximum CVSS base score is 10.0.

"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible," the company says.