Oracle is preparing to release 45 security fixes across hundreds of its products July 15 as part of its upcoming Critical Patch Update.
Although specific details about the vulnerabilities are scarce in the advisory, the most serious vulnerabilities, according to CVSS base scores, affect Oracle Application Server and Oracle WebLogic Server. In both cases, the highest score is 6.8.
All nine of the security fixes in the CPU that address vulnerabilities in Oracle Application Server can be exploited remotely without authentication. According to Oracle, none of these fixes apply to client-only installations. The components affected by the flaws include Hyperion BI Plus (formally Hyperion Performance Suite), Oracle HTTP Server, Oracle Internet Directory and Oracle Portal.
There are seven security fixes for Oracle WebLogic Server, three of which can be exploited remotely without authentication.
The company’s database products also have their share of fixes in the release-a total of 11-though none of them can be exploited remotely. The vulnerabilities affect a number of Oracle database components, including Advanced Querying, Advanced Replication and the core RDBMS (relational DBMS).
The release also contains three fixes affecting the Oracle TimesTen In-Memory Database, two for Oracle Enterprise Manager, six for Oracle E-Business Suite and Applications, and seven patches addressing vulnerabilities in Oracle PeopleSoft Enterprise products.
The 45 security patches would bring the total for the year to 112 vulnerabilities patched. After July 15, the next CPU release is slated for Oct. 14.