Today, Oracle released its January 2017 Critical Patch Update, or CPU, which resolves a massive 270 vulnerabilities across all of its products. Of these 270 vulnerabilities, over 100 are remotely exploitable without authentication. Depending on the product, this means that an attacker can either attack a particular product remotely through specially crafted programs or exploit it via malicious web sites.

Once an attack successfully exploits a vulnerability, the attacker may be able to execute commands on the affected computer without the victim's knowledge or permission.

The two products with the most security updates are Oracle E-Business Suite Executive at 121 fixes and Oracle Financial Services Applications with 37. Java, which is notorious for being used by exploit kits to install malware on vulnerable systems, had 17 new security fixes. Of these 17 vulnerabilities, 16 can be exploited remotely.

It is strongly suggested that all users of the affected Oracle products below immediately upgrade to the latest version.

| Affected Products and Versions | Patch Availability |
| --- | --- |
| Oracle Database Server, version(s) 11.2.0.4, 12.1.0.2 | Database |
| Oracle Secure Backup, version(s) prior to 12.1.0.3 | Oracle Secure Backup |
| Spatial, version(s) prior to 1.2 | Oracle Big Data Graph |
| Oracle Fusion Middleware, version(s) 11.1.1.7, 11.1.1.9, 11.1.2.3, 11.1.2.4, 12.1.3.0, 12.2.1.0, 12.2.1.1 | Fusion Middleware |
| Oracle GlassFish Server, version(s) 2.1.1, 3.0.1, 3.1.2 | Fusion Middleware |
| Oracle JDeveloper, version(s) 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0, 12.2.1.2.0 | Fusion Middleware |
| Oracle Outside In Technology, version(s) 8.5.2, 8.5.3 | Fusion Middleware |
| Oracle Tuxedo, version(s) 12.1.1 | Fusion Middleware |
| Oracle WebLogic Server, version(s) 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 | Fusion Middleware |
| Application Testing Suite, version(s) 12.4.0.2, 12.5.0.2, 12.5.0.3 | Enterprise Manager |
| Enterprise Manager Base Platform, version(s) 12.1.0.5, 13.1, 13.2 | Enterprise Manager |
| Enterprise Manager Ops Center, version(s) 12.1.4, 12.2.2, 12.3.2 | Enterprise Manager |
| Oracle E-Business Suite, version(s) 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 | E-Business Suite |
| Oracle Transportation Management, version(s) 6.1, 6.2 | Oracle Supply Chain Products |
| PeopleSoft Enterprise HCM ePerformance, version(s) 9.2 | PeopleSoft |
| PeopleSoft Enterprise PeopleTools, version(s) 8.54, 8.55 | PeopleSoft |
| JD Edwards EnterpriseOne Tools, version(s) 9.2.1.1 | JD Edwards |
| Siebel Applications, version(s) 16.1 | Siebel |
| Oracle Commerce Platform, version(s) 10.0.3.5, 10.2.0.5, 11.2.0.2 | Oracle Commerce |
| Oracle Fusion Applications, version(s) 11.1.2 through 11.1.9 | Fusion Applications |
| Oracle Communications Indexing and Search Service, version(s) prior to 1.0.5.28.0 | Oracle Communications Indexing and Search Service |
| Oracle Communications Network Charging and Control, version(s) 4.4.1.5, 5.0.0.1, 5.0.0.2, 5.0.1.0, 5.0.2.0 | Oracle Communications Network Charging and Control |
| Oracle Communications Network Intelligence, version(s) 7.3.0.0 | Oracle Communications Network Intelligence |
| Oracle FLEXCUBE Core Banking, version(s) 5.1.0, 5.2.0, 11.5.0 | Oracle Financial Services Applications |
| Oracle FLEXCUBE Direct Banking, version(s) 12.0.0, 12.0.1, 12.0.2, 12.0.3 | Oracle Financial Services Applications |
| Oracle FLEXCUBE Enterprise Limits and Collateral Management, version(s) 12.0.0, 12.0.2 | Oracle Financial Services Applications |
| Oracle FLEXCUBE Investor Servicing, version(s) 12.0.1, 12.0.2, 12.0.4, 12.1.0, 12.3.0 | Oracle Financial Services Applications |
| Oracle FLEXCUBE Private Banking, version(s) 2.0.1, 2.2.0, 12.0.1 | Oracle Financial Services Applications |
| Oracle FLEXCUBE Universal Banking, version(s) 11.3.0, 11.4.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 | Oracle Financial Services Applications |
| MICROS Lucas, version(s) 2.9.1, 2.9.2, 2.9.3, 2.9.4, 2.9.5 | MICROS Lucas |
| Oracle Retail Allocation, version(s) 12.0, 13.0, 13.1, 13.2, 13.3, 14.0, 14.1 | Oracle Retail Allocation |
| Oracle Retail Assortment Planning, version(s) 14.1, 15.0 | Oracle Retail Assortment Planning |
| Oracle Retail Order Broker, version(s) 4.1, 5.1, 5.2, 15.0, 16.0 | Oracle Retail Order Broker |
| Oracle Retail Predictive Application Server, version(s) 13.1, 13.2, 13.3, 13.4, 14.0, 14.1, 15.0 | Oracle Retail Predictive Application Server |
| Oracle Retail Price Management, version(s) 13.1, 13.2, 14.0, 14.1 | Oracle Retail Price Management |
| Primavera P6 Enterprise Project Portfolio Management, version(s) 8.2, 8.3, 8.4, 15.1, 15.2, 16.1, 16.2 | Oracle Primavera Products Suite |
| Oracle Java SE, version(s) 6u131, 7u121, 8u112 | Oracle Java SE |
| Oracle Java SE Embedded, version(s) 8u111 | Oracle Java SE |
| Oracle JRockit, version(s) R28.3.12 | Oracle Java SE |
| Oracle VM Server for Sparc, version(s) 3.2, 3.4 | Oracle and Sun Systems Products Suite |
| Solaris, version(s) 11.3 | Oracle and Sun Systems Products Suite |
| Oracle VM VirtualBox, version(s) prior to 5.0.32, prior to 5.1.14 | Oracle Linux and Virtualization |
| MySQL Cluster, version(s) 7.2.26 and prior, 7.3.14 and prior, 7.4.12 and prior | Oracle MySQL Product Suite |
| MySQL Enterprise Monitor, version(s) 3.1.3.7856 and prior, 3.1.4.7895 and prior, 3.1.5.7958 and prior, 3.2.1.1049 and prior, 3.2.4.1102 and prior, 3.3.0.1098 and prior | Oracle MySQL Product Suite |
| MySQL Server, version(s) 5.5.53 and prior, 5.6.34 and prior, 5.7.16 and prior | Oracle MySQL Product Suite |
