After confidential news of Microsoft going to patch one of the severe vulnerability through Tuesday update of Jan 14, 2020 went viral, Oracle has now announced that it's too going to release patch for 333 critical security vulnerabilities today (Jan 14, 2020) and asks everyone to update As soon as possible as most of the patches that was planned to release today are going to fix the vulnerabilities that may be exploited over a network without requiring user credentials, Oracle said in its blog.
Oracle is going to release patch for many applications that includes design communications, Diameter Signaling Router (DSR), versions 8.0, 8.1, 8.2, 8.3, 8.4,Interactive Session Recorder, versions 6.0, 6.1, 6.2, 6.3, IP Service Activator, versions 7.3.4, 7.4.0, Border Controller, versions 7.4, 8.0, 8.1, 8.2, 8.3, Session Router, versions 7.4, 8.0, 8.1, 8.2, 8.3, Subscriber-Aware Load Balancer, versions 7.3, 8.1, 8.2, 8.3,Unified Inventory Management, versions 7.3, 7.4, Oracle Enterprise Communications Broker, versions PCz3.0, PCz3.1, PCz3.2 and Oracle Enterprise Session Border Controller, versions 7.5, 8.0, 8.1, 8.2, 8.3.
"No wonder Oracle claiming, CVSS((Common Vulnerability Scoring System) Score for them is 9.8 Out of 10 (10 is the Maximum, meaning Most severe vulnerability) as out of 21 security patches 19 of these vulnerabilities may be remotely exploitable without authentication"
Other than the above, you can expect Patch for Oracle Financial Services Applications like Banking Corporate Lending, versions 12.3.0-12.4.0, 14.0.0-14.3.0, Oracle Banking Payments, versions 14.1.0-14.3.0, Oracle Financial Services Analytical Applications Infrastructure, versions 7.3.3-7.3.5, 8.0.0-8.0.8,Oracle Financial Services Funds Transfer Pricing, versions 8.0.2-8.0.7, Oracle Financial Services Revenue Management and Billing, versions 2.7.0.0, 2.7.0.1, 2.8.0.0,Oracle FLEXCUBE Investor Servicing, versions 12.1.0-12.4.0, 14.0.0-14.1.0, Oracle FLEXCUBE Universal Banking, versions 12.0.1-12.4.0, 14.0.0-14.3.0
Oracle Food and Beverage Applications like Hospitality Suites Management, Oracle Fusion Middleware applications like Identity Manager, Oracle Big Data Discovery, Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio,Oracle Enterprise Repository, version 12.1.3.0.0,Oracle HTTP Server, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0, Oracle Outside In Technology, version 8.5.4,Oracle Reports Developer, versions 12.2.1.3.0, 12.2.1.4.0,Oracle Security Service, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0,Oracle Tuxedo, versions 12.1.1.0.0, 12.1.3.0.0,Oracle WebCenter Sites, versions 12.2.1.3.0, 12.2.1.4.0, Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0
Oracle is going to release patch for many applications that includes design communications, Diameter Signaling Router (DSR), versions 8.0, 8.1, 8.2, 8.3, 8.4,Interactive Session Recorder, versions 6.0, 6.1, 6.2, 6.3, IP Service Activator, versions 7.3.4, 7.4.0, Border Controller, versions 7.4, 8.0, 8.1, 8.2, 8.3, Session Router, versions 7.4, 8.0, 8.1, 8.2, 8.3, Subscriber-Aware Load Balancer, versions 7.3, 8.1, 8.2, 8.3,Unified Inventory Management, versions 7.3, 7.4, Oracle Enterprise Communications Broker, versions PCz3.0, PCz3.1, PCz3.2 and Oracle Enterprise Session Border Controller, versions 7.5, 8.0, 8.1, 8.2, 8.3.
"No wonder Oracle claiming, CVSS((Common Vulnerability Scoring System) Score for them is 9.8 Out of 10 (10 is the Maximum, meaning Most severe vulnerability) as out of 21 security patches 19 of these vulnerabilities may be remotely exploitable without authentication"
Other than the above, you can expect Patch for Oracle Financial Services Applications like Banking Corporate Lending, versions 12.3.0-12.4.0, 14.0.0-14.3.0, Oracle Banking Payments, versions 14.1.0-14.3.0, Oracle Financial Services Analytical Applications Infrastructure, versions 7.3.3-7.3.5, 8.0.0-8.0.8,Oracle Financial Services Funds Transfer Pricing, versions 8.0.2-8.0.7, Oracle Financial Services Revenue Management and Billing, versions 2.7.0.0, 2.7.0.1, 2.8.0.0,Oracle FLEXCUBE Investor Servicing, versions 12.1.0-12.4.0, 14.0.0-14.1.0, Oracle FLEXCUBE Universal Banking, versions 12.0.1-12.4.0, 14.0.0-14.3.0
Oracle Food and Beverage Applications like Hospitality Suites Management, Oracle Fusion Middleware applications like Identity Manager, Oracle Big Data Discovery, Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Endeca Information Discovery Integrator, Oracle Endeca Information Discovery Studio,Oracle Enterprise Repository, version 12.1.3.0.0,Oracle HTTP Server, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0, Oracle Outside In Technology, version 8.5.4,Oracle Reports Developer, versions 12.2.1.3.0, 12.2.1.4.0,Oracle Security Service, versions 11.1.1.9.0, 12.1.3.0.0, 12.2.1.3.0,Oracle Tuxedo, versions 12.1.1.0.0, 12.1.3.0.0,Oracle WebCenter Sites, versions 12.2.1.3.0, 12.2.1.4.0, Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0
Oracle Retail Applications like Oracle Retail Assortment Planning, versions 14.1.3, 15.0.3, 16.0.3, 16.0.3.173, Oracle Retail Brand Compliance Management Cloud Service, version 18.1,Oracle Retail Clearance Optimization Engine, versions 13.4, 14.0, 14.0.3, 14.0.5,Oracle Retail Customer Management and Segmentation Foundation, versions 16.0, 17.0, 18.0,Oracle Retail Markdown Optimization, versions 13.4, 13.4.4, Oracle Retail Order Broker, versions 5.2, 15.0, 16.0, 18.0,Oracle Retail Predictive Application Server, versions 15.0.3, 16.0.3, Oracle Retail Sales Audit, version 12.0
They do have CVSS score of 9.8
Apart from the above Oracle is going to release patch for many Oracle Software's like Oracle Utilities applications, Virtualization based ,etc ones so don't miss to patch to safeguard you and your users..
You can read the complete list of patch details on the Official source.
Credits and Source : Oracle
