Oracle Warns of Critical DB Server Vulnerabilities

The database server giant plans to issue patches for at least 41 vulnerabilities across hundreds of product lines.

Database server giant Oracle plans to ship a major security update on Tuesday, April 15 to cover more than 40 vulnerabilities in a wide range of products.
The fixes are part of the company's quarterly CPU (critical patch update) and will cover severe vulnerabilities across hundreds of Oracle products.
According to Oracle's advance notice, 17 of the 41 flaws were discovered in its flagship Oracle Database, including two for Oracle Application Express.
"Two of these vulnerabilities may be remotely exploited without authentication, i.e., may be exploited over a network without the need for a username and password," the company warned.
The April patch batch also contains three new security fixes for Oracle Application Server. "All of these vulnerabilities may be remotely exploited without authentication," the company said.
It also contains 11 new security fixes for the Oracle E-Business Suite; a solitary patch for the Oracle Enterprise Manager; three updates for Oracle PeopleSoft Enterprise products; and six new security fixes for Oracle Siebel SimBuilder products.
The full list of products and versions affected:

  • Oracle Database 11g, version
  • Oracle Database 10g Release 2, versions,
  • Oracle Database 10g, version
  • Oracle Database 9i Release 2, versions,
  • Oracle Application Server 10g Release 3 (10.1.3), versions,
  • Oracle Application Server 10g Release 2 (10.1.2), versions,,
  • Oracle Application Server 10g (9.0.4), version
  • Oracle Collaboration Suite 10g, version 10.1.2
  • Oracle E-Business Suite Release 12, versions 12.0.0 - 12.0.4
  • Oracle E-Business Suite Release 11i, versions 11.5.9 - 11.5.10 CU2
  • Oracle PeopleSoft Enterprise PeopleTools versions 8.22.19, 8.48.16, 8.49.09
  • Oracle PeopleSoft Enterprise HCM versions 8.8 SP1, 8.9, 9.0
  • Oracle Siebel SimBuilder versions 7.8.2, 7.8.5