- 171/2023
- Critical
Oracle released its critical patch updates for July 2023, containing (508) new security patches for multiple affected products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system.
This critical patch update includes security updates addressing numerous vulnerabilities that could potentially be exploited remotely without authentication. The affected product families span a broad-spectrum covering Oracle Access Manager, Oracle Financial Services Applications, Oracle Banking Branch, Oracle E-Business Suite, Oracle Banking Cash Management, and various other products.
The complete list of the affected products: Oracle Advisory – July 2023
Sample of the addressed vulnerabilities:
Oracle MySQL Enterprise Monitor Vulnerability (CVE-2023-20862):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.