Oracle Critical Patch Update: Summary of New Vulnerabilities and Affected Products
Oracle will release a massive quarterly Critical Patch Update fixing up to 433 security flaws—many with CVSS scores of 9.8 or higher and a large portion exploitable without authentication—affecting a wide range of its products, and administrators are urged to apply the patches immediately.
Oracle announced a large‑scale quarterly Critical Patch Update (CPU) that addresses up to 433 newly discovered security vulnerabilities across many of its products. Several of these flaws have maximum CVSS scores of 10.0, and a significant number can be exploited remotely without any authentication, making them especially dangerous.
Key advisory from Oracle: The company strongly recommends that all customers apply the critical patches as soon as possible to mitigate the risk of successful attacks.
Products with notable vulnerabilities:
Oracle Communications Applications • Security patches: 58 • Highest CVSS: 10.0 • Remotely exploitable without authentication: 45
Oracle Construction and Engineering • Security patches: 20 • Highest CVSS: 9.8 • Remotely exploitable without authentication: 15
Oracle E‑Business Suite • Security patches: 29 • Highest CVSS: 9.1 • Remotely exploitable without authentication: 23
Oracle Enterprise Manager • Security patches: 14 • Highest CVSS: 9.8 • Remotely exploitable without authentication: 10
Oracle Financial Services Applications • Security patches: 38 • Highest CVSS: 9.8 • Remotely exploitable without authentication: 26
Oracle Fusion Middleware • Security patches: 53 • Highest CVSS: 9.8 • Remotely exploitable without authentication: 49
Oracle JD Edwards • Security patches: 6 • Highest CVSS: 9.8 • Remotely exploitable without authentication: 6
Oracle MySQL • Security patches: 40 • Highest CVSS: 9.8 • Remotely exploitable without authentication: 6
Oracle Retail Applications • Security patches: 39 • Highest CVSS: 9.8 • Remotely exploitable without authentication: 34
Oracle Siebel CRM • Security patches: 5 • Highest CVSS: 9.8 • Remotely exploitable without authentication: 5
Oracle Supply Chain • Security patches: 22 • Highest CVSS: 9.8 • Remotely exploitable without authentication: 18
Oracle Database Server • Security patches: 20 • Highest CVSS: 8.8 • Remotely exploitable without authentication: 1
Oracle GoldenGate • Security patches: 3 • Highest CVSS: 9.6 • Remotely exploitable without authentication: 1
Delaying the installation of these patches is a common cause of successful cyber‑attacks; therefore, timely patching is essential for maintaining the security of Oracle environments.
Top Architect