Articles in this section

See more

Oracle Critical Patch Update for July 2018

Avatar
Irene Sha
Updated
Follow

 

Header.png

Oracle | Hyperion Products

Oracle Critical Patch Update Advisory – July 2018

Link to Updatehttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html  

Essential Oracle | Hyperion Products Affected:

  • Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18.1, 18.2
  • Oracle Java SE, versions 6u191, 7u181, 8u172, 10.0.1
  • Oracle Java SE Embedded, version 8u171
  • Oracle JRockit, version R28.3.18
  • Oracle WebLogic Server, versions 10.3.6.0, 12.1.3.0, 12.2.1.2, 12.2.1.3

Essential Oracle | Hyperion Related Products Affected:

  • Hyperion Data Relationship Management, version 11.1.2.4.330
  • Hyperion Financial Reporting, version 11.1.2
  • Enterprise Manager Base Platform, versions 12.1.0.5, 13.2.x
  • Oracle E-Business Suite, versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7
  • Oracle Fusion Middleware, versions 12.2.1.2, 12.2.1.3
  • MySQL Server, versions 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior, 8.0.11 and prior

Patch Availability Document

This may be found through the Patch Availability Document column in the Critical Patch Update Advisor link. Please note that an Oracle Account sign in is required to view the Oracle support documents, including installation documentation. 

Assessment:

This Critical Patch Update (CPU) contains a total of 334 security related fixes across a variety of Oracle Products, including Oracle Database Server, Oracle Fusion Middleware, Oracle E-Business Suite, etc.125 of them are for non-Oracle Common Vulnerabilities and Exposures (CVEs), security fixes for third-party products that are included in traditional Oracle product distributions. Note that 90% of the critical vulnerabilities addressed in this CPU are for non-Oracle CVEs. (https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=465003478981276&id=2420273.1&_afrWindowMode=0&_adf.ctrl-state=1bs8wrwoc5_53)

The July 2018 CPU provides 44 new security fixes for Oracle Fusion Middleware. 38 of the vulnerabilities are remotely exploitable without authentication, and the most severe vulnerability has received a CVSS rating of 9.8. If exploited, this could lead to unauthorized access to confidential data, and potential take over of certain Oracle products. (http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html )

The July 2018 CPU also provides 3 new fixes for the Oracle Database and 2 new fixes for Hyperion. Highest CVSS score for these Database vulnerabilities is 9.8. Vulnerabilities related to these products may lead to unauthorized access to confidential data. (http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Oracle strongly recommends applying the patches as soon as possible. Should you have any questions on this matter, please do not hesitate to email us at support@goalgetters.com. Oracle’s next Critical Patch Update is scheduled for October 16th 2018.

Comments

0 comments

Please sign in to leave a comment.