On January 19, 2022, NSFOCUS CERT monitoring found that Oracle had officially released its January CPU (Critical Patch Update). A total of 497 vulnerabilities of varying severity were fixed this time. This security update involves Oracle WebLogic Server, Oracle MySQL, Oracle Java SE, Oracle Fusion Middleware, Oracle Retail Applications and many other common products. Oracle strongly recommends that customers apply critical patch update fixes as soon as possible to remediate vulnerabilities.

The most impactful vulnerabilities contained in this update, selected according to the popularity of the product and the importance of the vulnerability, are listed below. Relevant users should take note:

Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2022-21306):
Oracle WebLogic Server has a remote code execution vulnerability. An unauthenticated attacker sends a specially crafted malicious request to the server through the T3 protocol, which eventually leads to the execution of arbitrary code on the target server.

Oracle WebLogic Server Information Disclosure Vulnerability (CVE-2022-21292/CVE-2022-21371):
Oracle WebLogic Server has an information disclosure vulnerability. An unauthenticated attacker sends a specially crafted request to the affected server through the HTTP protocol, which may achieve illegal access to critical data or complete access to all Oracle WebLogic Server data, causing sensitive information disclosure.

Multiple vulnerabilities in Oracle MySQL:
This security update released 78 security patches for Oracle MySQL, 3 of which can be exploited remotely without user authentication, that is, can be exploited over the network without user credentials.

Multiple vulnerabilities in Oracle Financial Services Applications:
This security update releases 48 security patches for Oracle Financial Services Applications. Thirty-seven of the vulnerabilities could be exploited remotely without user authentication.

Multiple vulnerabilities in Oracle Insurance Applications:
This security update releases seven security patches for Oracle Insurance Applications. Six of the vulnerabilities could be exploited remotely without user authentication. Attackers can access the network via HTTP to send malicious requests to control components in the product and gain full access to critical data.

Oracle Communications Multiple Vulnerabilities:
The security update released 84 security patches for Oracle Communications, 50 of which could be exploited remotely without user authentication.

Multiple vulnerabilities in Oracle Communications Applications:
This security update releases 33 security patches for Oracle Communications Applications. Twenty-two of the vulnerabilities could be exploited remotely without user authentication. The high-risk vulnerabilities are as follows:

Multiple vulnerabilities in Oracle E-Business Suite:
This security update releases nine security patches for Oracle E-Business Suite. Five of the vulnerabilities could be exploited remotely without user authentication. An attacker could access the network via HTTP to compromise the products in the suite, allowing unauthorized access to critical data or full access to data accessible to all products in the suite.

Multiple vulnerabilities in Oracle Retail Applications:
This security update releases 43 security patches for Oracle Retail Applications. Thirty-four of the vulnerabilities could be exploited remotely without user authentication. The high-risk vulnerability numbers are as follows: