HUBCITYMEDIA


Oracle Releases Quarterly Security Patch Updates - April 2021

As part of Hub City Media’s ongoing efforts to ensure Oracle IAM environments remain secure, we are advising that Oracle has released their quarterly Security Patch Updates.

We've evaluated these updates and created a summary of critical patches that may be required for client environments. To maintain the best possible security posture, please review these patches with your team.

For assistance with applying these patches, contact us.


Oracle WebLogic Server 10.3.6

Product: Oracle WebLogic Server 10.3.6.0.0

Subcomponent(s): TopLink Integration, Core, Console, Web Services

Patch Number: 32403651

Vulnerability Details: Both easily exploitable and difficult to exploit vulnerabilities allow unauthenticated or high privileged attackers with network access via HTTP, HTTPS, T3, or IIOP to compromise Oracle WebLogic Server. Some successful attacks require human interaction from a person other than the attacker. While the vulnerability is in Oracle WebLogic Server, these attacks could significantly impact other products.

Successful attacks can result in:

  • unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data

  • unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data 

  • unauthorized read access to a subset of Oracle WebLogic Server accessible data

  • unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server

Java SE 7

Product: Java SE 7

Subcomponent(s): Libraries

Patch Number: 32464070

Vulnerability Details: Difficult to exploit vulnerability allows unauthenticated attackers with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Some of the attacks require additional human interaction but not all.

Successful attacks can result in:

  • unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data.

Oracle Solaris

Product: Oracle Solaris

Subcomponent(s): Kernel

Patch Number: 11.4.30.88.3

Vulnerability Details: Easily exploitable vulnerability allows low privileged attackers with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris.

Successful attacks can result in:

  • unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris, as well as unauthorized update, insert or delete access to some of Oracle Solaris accessible data

Oracle Coherence

Product: Oracle Coherence

Subcomponent(s): Core

Patch Number: 32581736

Vulnerability Details: Easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise Oracle Coherence.

Successful attacks can result in:

  • unauthorized access to critical data or complete access to all Oracle Coherence accessible data

In addition to the above patches, Oracle has released patches for several of their products. The entire list of products, which you may want to share within your organization, can be found here.