U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Oracle July 2017 Critical Patch Update addresses record-breaking 308 issues

Oracle just released the July 2017 Critical Patch Update (CPU) to address a total of 308 flaws in its solutions, it’s a record for the IT giant. Oracle issued its quarterly update, the July 2017 Critical Patch Update (CPU), that addresses 308 security vulnerabilities, 30 of them are rated as critical. This July 2017 Critical Patch Update […]

Oracle CVE-2026-46817

Oracle just released the July 2017 Critical Patch Update (CPU) to address a total of 308 flaws in its solutions, it’s a record for the IT giant.

Oracle issued its quarterly update, the July 2017 Critical Patch Update (CPU), that addresses 308 security vulnerabilities, 30 of them are rated as critical.

This July 2017 Critical Patch Update (CPU) addressed security vulnerabilities in 22 Oracle products, including Oracle Database Server, Oracle Enterprise Manager, Oracle Fusion Middleware, Oracle Hyperion, Oracle E-Business Suite, Oracle Industry Applications (Communications, Retail, and Hospitality), Oracle Primavera, Oracle Sun Products, Oracle Java SE, and Oracle MySQL.

27 out of 308 vulnerabilities addressed by Oracle were classified as critical flaws, they were rated with a CVSS score between 9.0 and 10.0, only one bug was rated 10. More than half of the issues addressed by the security patched can be exploited remotely without authentication.

One of the issues is a remote privilege escalation flaw tracked as CVE-2017-3632 in the Solaris CDE Calendar component. Other Solaris vulnerabilities could be exploited to power DDoS attacks or to allow unauthorized data alterations.

The Oracle Security update also addressed ten critical vulnerabilities in Java SE, nine of them rated 9.6. According to Oracle, 28 of 32 Java flaws “may be remotely exploitable without authentication”.

The CPU addressed 30 vulnerabilities in Oracle MySQL, 9 of them are remotely exploitable.

Experts are particularly concerned for about 30 vulnerabilities affecting PeopleSoft, 20 of them can be exploited over the network without user credentials.

The updates also fixed a critical flaw in Oracle WebLogic rated 10 and tracked as CVE-2017-10137 which could be exploited by hackers to elevate privileges.

One of the most severe issued in the E-Business Suite was an Information Disclosure flaw tracked as CVE-2017-10244. The issued can be exploited by an attacker “to exfiltrate sensitive business data without requiring a valid user account in the system,”

“This vulnerability is especially critical as an attacker would only need a web browser and network access to the EBS system to perform it. Any number of critical documents could be stored in the system including invoices, purchase orders, HR information and design documents to start. Even systems in DMZ mode do not ensure these systems are not vulnerable,” said Juan Perez-Etchegoyen, Onapsis CTO.

The huge number of vulnerabilities addressed by Oracle in the July 2017 Critical Patch Update (CPU) demonstrates how large is our surface of attack. Each flaw could be potentially exploited by attackers to break into one of the Oracle solutions.

Apply the security updates as soon as possible.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – July 2017 Critical Patch Update (CPU),Oracle)

[adrotate banner=”13″]