Oracle is planning to release an update that includes 24 security patches affecting numerous products, including the Oracle Database and Oracle E-Business Suite.
The update addresses 10 security vulnerabilities related to the database, including one in Oracle Secure Backup. Two of the vulnerabilities can be exploited remotely without authentication, Oracle said in a pre-patch advisory.
Oracle BEA products are the subject of five security fixes, all of which are remotely exploitable over a network without a user name and password. One of the security holes plugged by the update is a flaw in Oracle JRockit with a CVSS base score of 10.0, the highest score possible.
The update plugs three remotely exploitable security holes in Oracle’s application server, as well as providing a fix for the PeopleSoft and JD Edwards Suite. The update also has two new security fixes for the Oracle Primavera Products Suite and three for Oracle Application Server.
“These vulnerabilities are not remotely exploitable without authentication, i.e., may not be exploited over a network without the need for a user name and password,” Oracle said regarding the Primavera flaws.
More information about the critical patch update is available here. The update is scheduled to be released Jan. 12, the same day as Microsoft’s Patch Tuesday fix.