Oracle Issues 41 Security Fixes in Latest CPU
Oracle plugs a critical security hole in Oracle Application Server in its latest round of patches.Oracle released fixes for a total of 41 bugs in its April Critical Patch Update, including a serious vulnerability affecting Oracle Application Server. The CPU, Oracle's second of the year, includes 17 fixes for Oracle Database products, 11 for the Oracle E-Business Suite, six for the Oracle Siebel Enterprise Suite, three for Oracle Application Server, three for the PeopleSoft-JD Edwards Suite and one for Oracle Enterprise Manager.
The most serious of the vulnerabilities affects Oracle Application Server, specifically Oracle Jinitiator, and has a CVSS (Common Vulnerability Scoring System) rating of 9.3. Jinitiator allows a Web-enabled Oracle Forms client application to run within a browser. According to the company's advisory, the vulnerability applies only to the client portion of Application Server.