Oracle released its first batch of security patches this year, fixing 270 vulnerabilities, mostly in business-critical applications. Many of the flaws can be exploited remotely without authentication.
The majority of the fixes are for flaws in business products such as Oracle E-Business Suite, Oracle Fusion Middleware, Oracle PeopleSoft, Oracle Retail Applications, Oracle JD Edwards, Oracle Supply Chain Products, and Oracle Database Server.
E-Business Suite, which is used by companies to store key data and manage a wide range of business processes, accounts for more than 40 percent of the patched vulnerabilities—121. Out of these, 118 are remotely exploitable and the highest rated one has a score of 9.2 (critical) in the Common Vulnerability Scoring System.
Another 37 vulnerabilities were patched in Oracle Financial Services, 18 in Oracle Fusion Middleware, eight in Oracle Retail Applications, eight in Oracle PeopleSoft and 4 in the Oracle Primavera Products Suite. These products are used across a variety of industries.
“Oracle updates are huge and touch a wide range of products,” said Amol Sarwate, director of vulnerability labs at Qualys, in a . “As compared to older CPUs this was a regular-sized update but is bound to keep administrators busy due to the sheer number of vulnerabilities and products it touches.”
Oracle releases CPUs on a quarterly basis, the next one being scheduled for April 18th.