- 156/2022
- Critical
Oracle has released its critical patch updates for July 2022, containing (349) new security patches for multiple affected products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system.
This critical patch update provides security updates to fix several vulnerabilities that may be remotely exploitable without authentication in a wide range of product families, including Oracle Financial Services Applications, Oracle Database Products,
Oracle E-Business Suite, Oracle Enterprise Manager, Oracle Blockchain Platform, Oracle GoldenGate, and Oracle Communications Applications.
Complete list of the affected products:
https://www.oracle.com/security-alerts/cpujul2022.html
Samples of the addressed vulnerabilities:
- Oracle PeopleSoft Enterprise PeopleTools unspecified (CVE-2022-21543):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
- Oracle Database Server unspecified (CVE-2022-21510):
- CVSS: 8.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
Mitigations
The enterprise should deploy patches as soon as the testing phase is completed.