Oracle publishes a Critical Patch Update (CPU) that fixes multiple security vulnerabilities; the patches are usually cumulative and also affect many other components. Oracle has been working on Critical Patch Updates since 2014 and, to date, has released 18 other critical patch updates.
For this quarter, Oracle also credits more than 30 security researchers for reporting bugs, and more than 80 CVE IDs have been assigned for various zero-day vulnerabilities, including Spectre and Meltdown, which created havoc last year. Essentially, zero-day vulnerabilities are flaws in software that no one knows about, meaning no one has developed a way to stop hackers and malware from taking advantage of them. Knowing about one of these vulnerabilities makes it easier to break in; it is as if someone left their door unlocked.
It is also essential to review the Critical Patch Update supporting documentation referenced in this advisory before applying patches, as this is where you will find important, pertinent information.
The next four dates for Critical Patch Updates are as follows:
- 16 October 2018
- 15 January 2019
- 16 April 2019
- 16 July 2019
Oracle’s Financial Services Applications received the most patches, around 56, while the MySQL database received close to 31.
According to the ERPScan report, around 60-65% of the vulnerabilities can be exploited remotely without any credentials, and approximately 17 critical vulnerabilities were discovered and reported by ERPScan researchers. These include Cross-Site Scripting in JDE URLBuilderService, JDE GraphPrototype maflet, JDE MMDGView maflet and JDE TEDocWindow maflet; SQL Injection in Oracle Business Process Management; SSI (Server Side Injection) in the PSIGW Module; and Remote Code Execution in Oracle MapViewer.
https://erpscan.com/press-center/blog/analyzing-oracle-security-oracle-critical-patch-update-july-2018/
Number of Vulnerabilities by Product:

| Product Family | Number of Patches |
| --- | --- |
| Financial Services Applications | 56 |
| Fusion Middleware | 44 |
| Retail Applications | 31 |
| MySQL | 31 |
| Hospitality Applications | 24 |
| Sun Systems Products Suite | 22 |
| PeopleSoft | 15 |
| Enterprise Manager Products Suite | 16 |
| E-Business Suite | 14 |
| Communications Applications | 14 |
| Virtualization | 12 |
| Construction and Engineering Suite | 11 |
| JD Edwards Products | 10 |
| Java SE | 8 |
| Supply Chain Products Suite | 8 |
| Utilities Applications | 4 |
| Database Server | 4 |
| Policy Automation | 3 |
| Hyperion | 2 |
| Insurance Applications | 2 |
| Siebel CRM | 1 |
| iLearning | 1 |
| Support Tools | 1 |
Let’s try a metaphor. Pretend you bought a security system for your house, because you need to protect an extremely valuable diamond.
Two years after the system is set up, the company that installed it for you notices a flaw: criminals who clap three times while bouncing on one leg cannot be detected. If the company that installed your security system offered to fix this vulnerability, free of charge, would you let them?
Of course you would. Think of patches the same way.
Oracle strongly recommends applying the patches as soon as possible.
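Because CPUs are cumulative and arrive on a fixed quarterly schedule, a simple way to act on "apply the patches as soon as possible" is to compare each host's last applied CPU against the release calendar and flag anything that has missed one or more quarters. The script below is an added example and is not Oracle's tooling or part of the original post; it uses the four future dates listed above plus the July 2018 release the post discusses (its exact day, 17 July 2018, is an assumption), and the host inventory is constructed sample data, not real systems.

```python
from datetime import date

# Oracle CPU release calendar: the four future dates given in the post, plus
# the July 2018 release it covers (17 July 2018 is an assumed day, not from the post).
CPU_SCHEDULE = [
    date(2018, 7, 17),
    date(2018, 10, 16),
    date(2019, 1, 15),
    date(2019, 4, 16),
    date(2019, 7, 16),
]


def latest_cpu_as_of(today):
    """Return the most recent scheduled CPU date on or before `today`, or None."""
    released = [d for d in CPU_SCHEDULE if d <= today]
    return max(released) if released else None


def missed_cpus(last_applied, today):
    """Count CPUs released after `last_applied` and on or before `today`."""
    return sum(1 for d in CPU_SCHEDULE if last_applied < d <= today)


def compliance_report(inventory, today):
    """Map each host to (status, number of missed CPUs).

    `inventory` maps host name -> date the last CPU was applied, or None if
    no CPU has ever been applied on that host.
    """
    report = {}
    for host, applied in inventory.items():
        if applied is None:
            # Never patched: every CPU released so far counts as missed.
            missed = sum(1 for d in CPU_SCHEDULE if d <= today)
            report[host] = ("never patched", missed)
            continue
        missed = missed_cpus(applied, today)
        report[host] = ("current" if missed == 0 else "behind", missed)
    return report


# Constructed sample inventory (hypothetical host names and patch dates).
SAMPLE_INVENTORY = {
    "fin-app-01": date(2018, 7, 20),   # July 2018 CPU applied
    "mysql-02": date(2018, 4, 18),     # still on the April 2018 CPU
    "legacy-ebs": None,                # no CPU ever applied
}

if __name__ == "__main__":
    for host, (status, missed) in compliance_report(SAMPLE_INVENTORY, date(2018, 11, 1)).items():
        print(f"{host}: {status} (missed {missed} CPU(s))")
```

Run against the sample inventory on 1 November 2018, the report flags all three hosts, since the October 2018 CPU has been out for two weeks; extend `CPU_SCHEDULE` as Oracle publishes further dates and feed it the real inventory from your patch-management records.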
If, as a responsible security researcher, you want to report something to Oracle, you can report it to secalert_us@oracle.com. Oracle values the independent security researchers who find and report security vulnerabilities and work with Oracle so that security fixes can be issued to all customers.