This blog contains information regarding the Oracle Critical Patch Update. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.
Update October 19, 2021
11:00 | Four times a year, Oracle releases a patch update, which fixes (critical) vulnerabilities in their products. On the 19th of October 2021, the most recent patch update was released. Notable in this release is the number of vulnerabilities that have a high CVSS score or are relatively easy to exploit.
In total, Oracle fixed 418 vulnerabilities with the October update. The vulnerabilities are spread over 32 products. For 11 of these products, a vulnerability with a CVSS score of 9.8 or higher was fixed! The CVSS scale runs from 0 to 10. A score of 9.8 or higher is rare and implies a high risk of exploitation with a high impact.
In addition, a significant number of vulnerabilities can be exploited via the network without authentication. This makes these vulnerabilities easily accessible to exploit.
Detailed information about the vulnerabilities is currently limited.
Reason and background of this blog
This blog contains information about vulnerabilities, the possible risk and advice on how to prevent or limit damage. Below are the possible risks, details and background information.
Details regarding the vulnerabilities have not been released yet, and the same applies to information about (large-scale) exploitation of certain vulnerabilities. However, with the release of the patches, cyber criminals usually also gain insight into the adjustments that have been made, and thus into the possible vulnerabilities in the software. This increases the chance that the vulnerabilities will be exploited.
Oracle has published an article that lists the affected products and versions. The advice is to check whether you are using these products and to install the available updates.
It is recommended to install the patch if it is available for your product(s). When a patch is not available for a given vulnerability, the following general advice applies:
- Apply a work-around, if provided by a supplier;
- Restrict network access to the system until a patch is available.