- 242/2022
- Critical
Oracle released its critical patch updates for October 2022, containing (370) new security patches for multiple affected products. The remote attacker could exploit some of these vulnerabilities to take control of the affected system.
This critical patch update provides security updates to fix several vulnerabilities that may be remotely exploitable without authentication in a wide range of product families, including Oracle Banking Platform, Oracle Financial Services Applications, Oracle Database Products, Oracle E-Business Suite, Oracle Enterprise Manager, Oracle Analytics, and Oracle Communications Applications.
The complete list of the affected products: Oracle Advisory – October 2022
Samples of the addressed vulnerabilities:
1. Oracle Web Applications Desktop Integrator RCE Vulnerability (CVE-2022-39428):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Oracle VM VirtualBox Code Execution Vulnerability (CVE-2022-39427):
- CVSS: 8.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
Vulnerabilities
You can find the detailed vulnerabilities in the following link:
Mitigations
The enterprise should deploy patches as soon as the testing phase is completed.