- 93/2023
- Critical
Oracle released its critical patch updates for April 2 023, containing (433) new security patches for multiple affected products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system.
This critical patch update provides security updates to fix several vulnerabilities that may be remotely exploitable without authentication in a wide range of product families, including Oracle Banking Platform, Oracle Financial Services Applications, Oracle Database Products, Oracle E-Business Suite, Oracle Enterprise Manager, Oracle Fusion Middleware, and Oracle Communications Applications.
The complete list of the affected products:
Sample of the addressed vulnerabilities:
Oracle Communications Element Manager FEServer Vulnerability (CVE-2023- 25690):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
Vulnerabilities
Mitigations
The enterprise should deploy patches as soon as the testing phase is completed.