Oracle | Hyperion Products
Oracle Critical Patch Update Advisory – April 2018
Essential Oracle | Hyperion Products Affected:
- Oracle Database Server, versions 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206
- Oracle Business Intelligence Enterprise Edition, versions 220.127.116.11.0, 18.104.22.168.0, 22.214.171.124.0, 126.96.36.199.0
- Oracle Java SE, versions 6u181, 7u161, 7u171, 8u152, 8u162, 10
- Oracle Java SE Embedded, versions 8u152, 8u161
- Oracle JRockit, version(s) R28.3.17
- Oracle WebLogic Server, versions 10.3.6.0, 188.8.131.52, 184.108.40.206, 220.127.116.11
Essential Oracle | Hyperion Related Products Affected:
- Enterprise Manager Base Platform, versions 18.104.22.168, 22.214.171.124
- Oracle E-Business Suite, versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7
- Oracle Fusion Middleware, versions 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124
- Oracle Fusion Applications, versions 11.1.2 through 11.1.9
- MySQL Server, versions 5.5.59 and prior, 5.6.39 and prior, 5.7.21 and prior
Patch Availability Document:
This may be found through the Patch Availability Document column in the Critical Patch Update Advisory link. Please note that an Oracle Account sign-in is required to view the Oracle support documents, including installation documentation.
This Critical Patch Update (CPU) contains a total of 254 security-related fixes across a variety of Oracle products, including Oracle Database Server, Oracle Fusion Middleware, and Oracle E-Business Suite. Of these, 95 are for non-Oracle Common Vulnerabilities and Exposures (CVEs), that is, security fixes for third-party products that are included in traditional Oracle product distributions (https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=385799842240476&id=2383583.1&_afrWindowMode=0&_adf.ctrl-state=657sbocfs_102).
The April 2018 CPU provides 1 new fix for Oracle Database, which received a CVSS base rating of 8.5. If exploited, this vulnerability could result in takeover of the Java VM.
The April 2018 CPU provides 39 new security fixes for Oracle Fusion Middleware. Of these vulnerabilities, 31 are remotely exploitable without authentication, and many have received a CVSS rating of 8.0 and up. If exploited, many of these bugs could lead to unauthorized access to confidential data and potential takeover of certain Oracle products (http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html).
The April 2018 CPU also provides 12 security fixes for Oracle E-Business Suite, the majority of which can be remotely exploited without authentication. Successful attacks can lead to unauthorized access to critical data.
Oracle strongly recommends applying the patches as soon as possible. Should you have any questions on this matter, please do not hesitate to email us at firstname.lastname@example.org. Oracle’s next Critical Patch Update is scheduled for July 17th, 2018.