Oracle Releases Quarterly Security Patch Updates - April 2021
As part of Hub City Media’s ongoing efforts to ensure Oracle IAM environments remain secure, we are advising that Oracle has released their quarterly Security Patch Updates.
We've evaluated these updates and created a summary of critical patches that may be required for client environments. To maintain the best possible security posture, please review these patches with your team.
For assistance with applying these patches, contact us.
Oracle WebLogic Server 10.3.6
Product: Oracle WebLogic Server 10.3.6.0.0
Subcomponent(s): TopLink Integration, Core, Console, Web Services
Patch Number: 32403651
Vulnerability Details: Both easily exploitable and difficult to exploit vulnerabilities allow unauthenticated or high privileged attackers with network access via HTTP, HTTPS, T3, or IIOP to compromise Oracle WebLogic Server. Some successful attacks require human interaction from a person other than the attacker. While the vulnerabilities are in Oracle WebLogic Server, these attacks could significantly impact other products.
Successful attacks can result in:
unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data
unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data
unauthorized read access to a subset of Oracle WebLogic Server accessible data
unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server
Java SE 7
Product: Java SE 7
Subcomponent(s): Libraries
Patch Number: 32464070
Vulnerability Details: Difficult to exploit vulnerability allows unauthenticated attackers with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Some of the attacks require additional human interaction but not all.
Successful attacks can result in:
unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data.
Oracle Solaris
Product: Oracle Solaris
Subcomponent(s): Kernel
Patch Number: 11.4.30.88.3
Vulnerability Details: Easily exploitable vulnerability allows low privileged attackers with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris.
Successful attacks can result in:
unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris, as well as unauthorized update, insert or delete access to some of Oracle Solaris accessible data
Oracle Coherence
Product: Oracle Coherence
Subcomponent(s): Core
Patch Number: 32581736
Vulnerability Details: Easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise Oracle Coherence.
Successful attacks can result in:
unauthorized access to critical data or complete access to all Oracle Coherence accessible data
In addition to the above patches, Oracle has released patches for several of their products. The entire list of products, which you may want to share within your organization, can be found here.