Vulnerability

Oracle Critical Patch Update

This blog contains information regarding the Oracle Critical Patch Update. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.


T-Update

Information about vulnerabilities


Update October 19, 2021

11:00 | Four times a year, Oracle releases a patch update that fixes (critical) vulnerabilities in its products. The most recent patch update was released on the 19th of October 2021. What stands out is the number of vulnerabilities that have a high CVSS score or are relatively easy to exploit.

In total, Oracle solved 418 vulnerabilities with the October update. The vulnerabilities are spread over 32 products. For 11 of these products a vulnerability with a CVSS score of 9.8 or higher was solved! The CVSS scale runs from 0 to 10. A score of 9.8 or higher is rare and implies a high risk of exploitation with a high impact.

In addition, a significant number of vulnerabilities can be exploited via the network without authentication. This makes these vulnerabilities easily accessible for exploitation.
Detailed information regarding the vulnerabilities is currently limited.


Background

Oracle has published an article that lists the affected products and versions. The advice is to check whether you are using these products and to install the available updates. It is recommended to install the patch if it is available for your product(s). When a patch is not available for a given vulnerability, the following general advice applies: apply a workaround, if provided by a supplier; restrict network access to the system until a patch is available.

Risk

Details regarding the vulnerabilities have not been released yet, nor is (large-scale) exploitation of certain vulnerabilities known so far. However, with the release of the patches, cyber criminals usually also gain insight into the adjustments that have been made, and thus into the possible vulnerabilities in the software. This increases the chance that the vulnerabilities will be exploited.

Advice
