Oracle’s Latest Critical Patch Update: What’s included and what you need to know!
Oracle’s Latest Critical Patch Update: What’s included and what you need to know!
By Adrian Ashley
On 29 July 2019

What is it?

Each quarter, Oracle releases a Critical Patch Update (CPU) bundle with a multitude of important patches, ranging from bugs to security fixes. Data Intensity recommends all customers apply these fixes in a regular cadence to reduce risks and help keep your environment secure and stable.

What’s important in this release?

Our evaluation of the July 2019 CPU identified some very important fixes.

Please note:

  • 319 vulnerabilities, in addition to previously released patches, across the Oracle product range. (Should be applied as soon as possible.)
  • 46% open-source components used within Oracle products (eg: Oracle HTTP Server uses Apache)
  • 49.21% non-Oracle vulnerabilities
    • 96 listed as high or critical on the CVSS Scores (between 7 and 10)
  • Database
    • 9 new vulnerabilities (Highest of which scores 9.8 – Critical)
  • Enterprise Manager/Grid Control
    • 12 new vulnerabilities — 10 are remotely exploitable without authentication, (highest score in 9.8 out of 10!)
  • Fusion Middleware
    • 33 new vulnerabilities — 28 are remotely exploitable without authentication, (highest score in 9.8 out of 10!)
    • Note: Fusion Middleware is often exposed to the internet so is often the highest risk. This patch update includes the two recent 9.8 alerts for WebLogic. It is important to note that WebLogic is often embedded in other Oracle products so these may also be vulnerable e.g. Oracle Enterprise Manager, Oracle Exadata and Oracle VM Manager, all have upgrades released to overcome these vulnerabilities.
  • Oracle E-Business Suite
    • 13 new vulnerabilities — 12 (92%) are remotely exploitable with authentication (Highest score in 9.6 – Critical (Oracle Field Sales), next highest is 9.1 - Critical (Oracle Payments))
  • MySQL: 43 new security fixes

Ready to start patching?

To contact Data Intensity for more information regarding the application of these critical patches, use the contact form below.

Get in touch

We always put our customers first. Contact us by using the form below, and we will get back to you as soon as we can.

Please make sure to use a valid company email.
Please make sure to use a valid email format.

Data Intensity Solutions you are interested in (Select one that applies)