Oracle Quarterly Critical Patches Issued
Multiple critical vulnerabilities have been discovered in various Oracle products, potentially allowing attackers to execute arbitrary code on affected systems. This advisory outlines the risks, affected systems, and recommended mitigation actions.
Affected Products:
1. Enterprise Manager for MySQL Database
2. JD Edwards EnterpriseOne
3. MySQL Cluster, Connectors and Servers
4. Oracle Database Server
5. Oracle E-Business Suite
6. Oracle Java SE
7. Oracle WebLogic Server
Vulnerabilities:
The vulnerabilities span several classes of security flaw that could allow attackers to:
1. Execute arbitrary code
2. Gain unauthorized access to sensitive information
3. Elevate privileges
4. Cause denial of service
Recommendations:
1. Apply Oracle's latest security patches immediately after appropriate testing.
2. Implement a documented vulnerability management process with regular reviews.
3. Establish and maintain a risk-based remediation strategy.
4. Perform automated application patch management monthly or more frequently.
5. Conduct regular vulnerability scans of internal enterprise assets.
6. Remediate detected vulnerabilities promptly based on risk assessment.
7. Keep network infrastructure up to date with the latest stable software releases.
8. Apply the Principle of Least Privilege to all systems and services.