Oracle on Tuesday announced the release of 508 new security patches as part of the July 2023 CPU, including more than 75 patches that resolve critical-severity vulnerabilities.
More than 350 of the security patches address vulnerabilities that can be exploited remotely, without authentication. Some of these flaws impact multiple products, Oracle’s advisory reveals.
As part of this quarterly set of security updates, Financial Services received the largest number of patches, at 147. Of the resolved vulnerabilities, 115 can be exploited by remote, unauthenticated attackers with network access.
Oracle’s July 2023 CPU includes 77 security patches for Communications, with 57 of the flaws remotely exploitable without authentication.
Fusion Middleware received 60 security patches, including fixes for 40 remotely exploitable, unauthenticated bugs. Communications Applications (40 patches – 30 issues exploitable remotely without authentication), Analytics (32 – 23), and MySQL (24 – 11) received numerous fixes as well.
On Tuesday, Oracle also announced patches for Utilities Applications, Supply Chain, Retail Applications, Java SE, PeopleSoft, Siebel CRM, Commerce, Enterprise Manager, Construction and Engineering, E-Business Suite, JD Edwards, and over a dozen other products.
Successful exploitation of some of these vulnerabilities may lead to complete application or system compromise, Oracle says. Many of the updates also include additional third-party patches.
On Tuesday, Oracle also released the July 2023 Solaris bulletin, which includes 17 new security patches, including 11 for vulnerabilities that are remotely exploitable, without authentication. Two of the vulnerabilities are rated ‘critical severity’.
The tech giant also announced the release of 42 new security patches as part of its July 2023 Linux bulletin.
Customers are advised to apply the available patches in a timely manner, or to block network access to unpatched applications, to reduce the risk of an attack. Unpatched Oracle products are known to have been targeted in the wild.
“Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches,” the tech giant notes.
Related: Oracle Releases 433 New Security Patches With April 2023 CPU
Related: Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication
Related: Oracle’s First Security Update for 2023 Includes 327 New Patches