Today, Oracle released their April 2017 Critical Patch Update, or CPU, that resolves a record breaking 299 vulnerabilities across all of their products. According to a report by ERPScan, this is the largest CPU released by Oracle. 

Of these 299 vulnerabilities, over 100 are remotely exploitable without authentication. This means that it is possible to remotely exploit the vulnerability through malicious web sites or via a remote attack depending on the particular software. Once an attack successfully exploits a vulnerability, the attacker may be able to execute commands on the affected computer without the victim's knowledge or permission.

The three products with the most security updates are Oracle Financial Services Applications with 47 vulnerabilities and Oracle Retail Applications and Oracle MySQL, which are tied at 39 fixes.  Java, which is notorious for being used by exploit kits to install malware on vulnerable systems had 8 new security fixes, with 7 of them being remotely exploitable.

Wiz

The ERPScan report also goes on to detail that one of the vulnerabilities they discovered in Oracle E-Business would allow attackers to remotely read business data from databases without authorization. For more detailed information about this CPU, ERPScan's report is a good read.

For those who use any of the following Oracle applications, it's unfortunately time to get updating.

Affected Products and Versions Patch Availability
Oracle Database Server, version(s) 11.2.0.4, 12.1.0.2 Database
Oracle Secure Backup, version(s) prior to 12.1.0.3.0 Oracle Secure Backup
Oracle Berkeley DB, version(s) prior to 6.2.32 Berkeley DB
Oracle API Gateway, version(s) 11.1.2.4.0 Fusion Middleware
Oracle Fusion Middleware, version(s) 11.1.1.7, 11.1.1.9, 11.1.2.2, 11.1.2.3, 12.1.3.0, 12.2.1.0, 12.2.1.1 Fusion Middleware
Oracle Fusion Middleware MapViewer, version(s) 11.1.1.9, 12.2.1.1, 12.2.1.2 Fusion Middleware
Oracle GlassFish Server, version(s) 3.1.2 Fusion Middleware
Oracle Identity Manager, version(s) 11.1.2.3.0 Fusion Middleware
Oracle Service Bus, version(s) 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0, 12.2.1.2.0 Fusion Middleware
Oracle Social Network, version(s) prior to 11.1.12.0.0 (17019101) Fusion Middleware
Oracle WebCenter Content, version(s) 11.1.1.7, 11.1.1.9, 12.2.1.0, 12.2.1.1, 12.2.1.2 Fusion Middleware
Oracle WebCenter Sites, version(s) 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0, 12.2.1.2.0 Fusion Middleware
Oracle WebLogic Server, version(s) 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1, 12.2.1.2 Fusion Middleware
Oracle Hyperion Essbase, version(s) 11.1.2.2 Fusion Middleware
Enterprise Manager Base Platform, version(s) 12.1.0, 13.1.0, 13.2.0 Enterprise Manager
Oracle E-Business Suite, version(s) 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 E-Business Suite
Oracle Transportation Manager, version(s) 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.0, 6.4.1, 6.4.2 Oracle Supply Chain Products
PeopleSoft Enterprise CS Campus Community, version(s) 9.2 PeopleSoft
PeopleSoft Enterprise FIN Receivables, version(s) 9.2 PeopleSoft
PeopleSoft Enterprise FSCM, version(s) 9.1 PeopleSoft
PeopleSoft Enterprise PeopleTools, version(s) 8.54, 8.55 PeopleSoft
PeopleSoft Enterprise SCM eBill Payment, version(s) 9.2 PeopleSoft
PeopleSoft Enterprise SCM eSupplier Connection, version(s) 9.2 PeopleSoft
PeopleSoft Enterprise SCM Purchasing, version(s) 9.2 PeopleSoft
PeopleSoft Enterprise SCM Service Procurement, version(s) 9.2 PeopleSoft
PeopleSoft Enterprise SCM Strategic Sourcing, version(s) 9.2 PeopleSoft
JD Edwards EnterpriseOne Tools, version(s) 9.2 JD Edwards
Siebel Applications, version(s) 6.1, 6.2, 7.0, 7.1 Siebel
Oracle Commerce Guided Search / Oracle Commerce Experience Manager, version(s) 6.1.4, 6.2.2, 6.3.0, 6.4.1.2, 6.5.0, 6.5.1, 6.5.2, 11.0, 11.1, 11.2 Oracle Commerce
Oracle Fusion Applications, version(s) 11.1.2 through 11.1.9 Fusion Applications
Oracle Communications ASAP, version(s) 7.0, 7.2, 7.3 Oracle Communications ASAP
Oracle Communications Network Integrity, version(s) 7.2.4, 7.3.0 Oracle Communications Network Integrity
Oracle Communications Policy Management, version(s) 12.2 Oracle Communications Policy Management
Oracle Communications Security Gateway, version(s) 3.0.0 Oracle Communications Security Gateway
Oracle Communications Service Broker Engineered System Edition, version(s) 6.0, 6.1 Oracle Communications Service Broker Engineered System Edition
Oracle Communications Session Border Controller, version(s) SCZ7.3.0, SCZ7.4.0 Oracle Communications Session Border Controller
Oracle Financial Services Analytical Applications Infrastructure, version(s) 7.3.3, 7.3.4, 7.3.5 Oracle Financial Services Analytical Applications Infrastructure
Oracle Financial Services Asset Liability Management, version(s) 6.0.0, 6.1.0, 6.1.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4 Oracle Financial Services Asset Liability Management
Oracle Financial Services Basel Regulatory Capital Basic, version(s) 6.1.2, 6.1.3, 8.0.2, 8.0.3 Oracle Financial Services Basel Regulatory Capital Basic
Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach, version(s) 6.1.2, 6.1.3, 8.0.2, 8.0.3 Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach
Oracle Financial Services Data Foundation, version(s) 8.0.1, 8.0.2, 8.0.3, 8.0.4 Oracle Financial Services Data Foundation
Oracle Financial Services Data Integration Hub, version(s) 8.0.1, 8.0.2, 8.0.3, 8.0.4 Oracle Financial Services Data Integration Hub
Oracle Financial Services Enterprise Financial Performance Analytics, version(s) 8.0.0 to 8.0.4 Oracle Financial Services Enterprise Financial Performance Analytics
Oracle Financial Services Funds Transfer Pricing, version(s) 6.0.0, 6.1.0, 6.1.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4 Oracle Financial Services Funds Transfer Pricing
Oracle Financial Services Hedge Management and IFRS Valuations, version(s) 6.1.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4 Oracle Financial Services Hedge Management and IFRS Valuations
Oracle Financial Services Institutional Performance Analytics, version(s) 8.0.0 to 8.0.4 Oracle Financial Services Institutional Performance Analytics
Oracle Financial Services Liquidity Risk Management, version(s) 8.0.1, 8.0.2, 8.0.4 Oracle Financial Services Liquidity Risk Management
Oracle Financial Services Loan Loss Forecasting and Provisioning, version(s) 1.5.0, 1.5.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4 Oracle Financial Services Loan Loss Forecasting and Provisioning
Oracle Financial Services Pricing Management/Transfer Pricing Component, version(s) 8.0.0 to 8.0.4 Oracle Financial Services Pricing Management, Transfer Pricing Component
Oracle Financial Services Profitability Management, version(s) 6.0.0, 6.1.0, 6.1.1, 8.0.1, 8.0.2, 8.0.3, 8.0.4 Oracle Financial Services Profitability Management
Oracle Financial Services Reconciliation Framework, version(s) 8.0.0, 8.0.1, 8.0.2 Oracle Financial Services Analytical Applications Reconciliation Framework
Oracle Financial Services Retail Customer Analytics, version(s) 8.0.0 to 8.0.3 Oracle Financial Services Retail Customer Analytics
Oracle Financial Services Retail Performance Analytics, version(s) 8.0.0 to 8.0.4 Oracle Financial Services Retail Performance Analytics
Oracle FLEXCUBE Direct Banking, version(s) 12.0.2, 12.0.3 Oracle Financial Services Applications
Oracle FLEXCUBE Enterprise Limits and Collateral Management, version(s) 12.0.0, 12.0.1, 12.1.0 Oracle Financial Services Applications
Oracle FLEXCUBE Investor Servicing, version(s) 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0, 12.3.0 Oracle Financial Services Applications
Oracle FLEXCUBE Private Banking, version(s) 2.0.0, 2.0.1, 2.2.0.1, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 Oracle Financial Services Applications
Oracle FLEXCUBE Universal Banking, version(s) 11.3.0, 11.4.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0 Oracle Financial Services Applications
Oracle Insurance Data Foundation, version(s) 8.0.1, 8.0.2, 8.0.3, 8.0.4 Oracle Insurance Data Foundation
Oracle Healthcare Master Person Index, version(s) 3.0.0.x and 4.0.1.x, prior to and 2.0.1.x Health Sciences
Oracle Hospitality OPERA 5 Property Services, version(s) 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x, 5.5.1.x Oracle Hospitality OPERA 5 Property Services
Oracle Insurance Istream, version(s) 4.3.2 and prior Oracle Insurance Applications
MICROS Lucas, version(s) 2.9.5.1, 2.9.5.2, 2.9.5.3, 2.9.5.4, 2.9.5.5 Retail Applications
MICROS Relate CRM Software, version(s) 10.0, 10.5, 10.8, 11.0, 11.1, 11.4, 15.0 Retail Applications
MICROS XBR, version(s) 10.0.1, 10.5.0, 10.6.0, 10.7.7, 10.8.0, 10.8.1 Retail Applications
MICROS Xstore Payment, version(s) 5.5, 6.0, 6.5, 7.0, 7.1, 15.0, 16.0 Retail Applications
Oracle Retail Advanced Inventory Planning, version(s) 14.1, 15.0 Retail Applications
Oracle Retail Advanced Science Engine, version(s) 14.1 Retail Applications
Oracle Retail Analytic Parameter Calculator - RO, version(s) 15.0 Retail Applications
Oracle Retail Analytics, version(s) 14.0, 14.1, 15.0, 16.0 Retail Applications
Oracle Retail Assortment Planning, version(s) 14.1.3, 15.0.1, 16.0.0 Retail Applications
Oracle Retail Back Office, version(s) 14.1 Retail Applications
Oracle Retail Category Management, version(s) 13.2, 13.3, 14.0, 14.1 Retail Applications
Oracle Retail Category Management Planning & Optimization, version(s) 15.0 Retail Applications
Oracle Retail Customer Insights, version(s) 15.0 Retail Applications
Oracle Retail Customer Management and Segmentation Foundation, version(s) 15.0 Retail Applications
Oracle Retail Demand Forecasting, version(s) 14.1.3, 15.0.2 Retail Applications
Oracle Retail Invoice Matching, version(s) 12.0, 13.0, 13.1, 13.2, 14.0, 14.1 Retail Applications
Oracle Retail Item Planning, version(s) 14.1.3, 15.0.2 Retail Applications
Oracle Retail Macro Space Optimization, version(s) 15.0.2 Retail Applications
Oracle Retail Merchandise Financial Planning, version(s) 14.1.3, 15.0.2 Retail Applications
Oracle Retail Merchandising Insights, version(s) 15.0 Retail Applications
Oracle Retail Open Commerce Platform, version(s) 4.0, 5.0, 5.1, 5.3, 6.0, 6.1, 15.0, 16.0 Retail Applications
Oracle Retail Order Broker, version(s) 5.1, 5.2, 15.0, 16.0 Retail Applications
Oracle Retail Point-of-Service, version(s) 14.1.3 Retail Applications
Oracle Retail Predictive Application Server, version(s) 13.1, 13.2, 13.3, 13.3.3, 13.4, 13.4.3, 14.0, 14.0.3, 14.1, 14.1.3, 15.0, 15.0.2, 16.0.0 Retail Applications
Oracle Retail Regular Price Optimization, version(s) 14.1.3, 15.0.2 Retail Applications
Oracle Retail Replenishment Optimization, version(s) 14.1.3, 15.0.2 Retail Applications
Oracle Retail Returns Management, version(s) 14.1 Retail Applications
Oracle Retail Size Profile Optimization, version(s) 14.1.3, 15.0.2 Retail Applications
Oracle Retail Store Inventory, version(s) 14.1, 15.0, 16.0 Retail Applications
Oracle Retail Warehouse Management System, version(s) 13.2, 14.0, 15.0 Retail Applications
Oracle Retail XBRi Loss Prevention, version(s) 10.0.1, 10.5.0, 10.6.0, 10.7.0, 10.8.0, 10.8.1 Retail Applications
Oracle Retail Xstore Point of Service, version(s) 5.5, 6.0, 6.5, 7.0, 7.1, 15.0, 16.0 Retail Applications
Oracle Real-Time Scheduler, version(s) 2.2.0.3.13, 2.3.0.0, 2.3.0.1 Oracle Utilities Applications
Oracle Utilities Customer Self Service, version(s) 2.1.0.2.0 Oracle Utilities Applications
Oracle Utilities Framework, version(s) 2.2.0.0.0, 4.1.0.1.0, 4.1.0.2.0, 4.2.0.1.0, 4.2.0.2.0, 4.2.0.3.0, 4.3.0.1.0, 4.3.0.2.0, 4.3.0.3.0 Oracle Utilities Applications
Oracle Utilities Work and Asset Management, version(s) 1.9.1.2.11 Oracle Utilities Applications
Primavera Gateway, version(s) 1.0, 1.1, 14.2, 15.1, 15.2, 16.1, 16.2 Oracle Primavera Products Suite
Primavera P6 Enterprise Project Portfolio Management, version(s) 8.3, 8.4, 15.1, 15.2, 16.1, 16.2 Oracle Primavera Products Suite
Primavera Unifier, version(s) 9.13, 9.14, 10.0, 10.1, 15.1, 15.2 Oracle Primavera Products Suite
Oracle Java SE, version(s) 6u141, 7u131, 8u121 Oracle Java SE
Oracle Java SE Embedded, version(s) 8u121 Oracle Java SE
Oracle JRockit, version(s) R28.3.13 Oracle Java SE
Oracle SuperCluster Specific Software, version(s) 2.3.8, 2.3.13 Oracle and Sun Systems Products Suite
Solaris, version(s) 10, 11.3, None Oracle and Sun Systems Products Suite
Solaris Cluster, version(s) 4.3 Oracle and Sun Systems Products Suite
StorageTek Tape Analytics SW Tool, version(s) prior to 2.2.1 Oracle and Sun Systems Products Suite
Sun ZFS Storage Appliance Kit (AK), version(s) AK 2013 Oracle and Sun Systems Products Suite
Oracle VM VirtualBox, version(s) prior to 5.0.38, prior to 5.1.20 Oracle Linux and Virtualization
Secure Global Desktop, version(s) 4.71, 5.2, 5.3 Oracle Linux and Virtualization
MySQL Cluster, version(s) 7.2.27 and prior, 7.3.16 and prior, 7.4.14 and prior, 7.5.5 and prior Oracle MySQL Product Suite
MySQL Connectors, version(s) 2.1.5 and prior, 5.1.41 and prior Oracle MySQL Product Suite
MySQL Enterprise Backup, version(s) 3.12.3 and prior, 4.0.3 and prior Oracle MySQL Product Suite
MySQL Enterprise Monitor, version(s) 3.1.6.8003 and prior, 3.2.1182 and prior, 3.3.2.1162 and prior Oracle MySQL Product Suite
MySQL Server, version(s) 5.5.54 and prior, 5.6.35 and prior, 5.7.17 and prior, 5.7.11 to 5.7.17 Oracle MySQL Product Suite
MySQL Workbench, version(s) 6.3.8 and prior Oracle MySQL Product Suite
Automatic Service Request (ASR), version(s) prior to 5.7 Oracle Support Tools
Oracle Advanced Support Gateway, version(s) prior to 7.2 Oracle Support Tools
Oracle Trace File Analyzer (TFA), version(s) prior to 12.1.2.8.4 Oracle Support Tools
OSS Support Tools, version(s) prior to RDA 8.15.17.3.14 Oracle Support Tools
tines

Break down IAM silos like Bitpanda, KnowBe4, and PathAI

Broken IAM isn't just an IT problem - the impact ripples across your whole business.

This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.

Related Articles:

Korean Air data breach exposes data of thousands of employees

University of Phoenix data breach impacts nearly 3.5 million individuals

University of Phoenix discloses data breach after Oracle hack

University of Pennsylvania confirms new data breach after Oracle hack

Dartmouth College confirms data breach after Clop extortion attack