In total, Oracle fixed 252 vulnerabilities in its products
Oracle has released its October 2017 Critical Patch Update, which fixes a total of 252 vulnerabilities across a number of products, including Oracle Database Server and Java SE.
The company fixed vulnerabilities in the Java Virtual Machine and in five other components of Oracle Database Server. The most severe of these was rated 8.8 on the CVSS scale. Two of them can be exploited remotely without authorization.
Twenty-two vulnerabilities in Java SE were also fixed, 20 of which are critical and can be exploited by a remote unauthenticated attacker; some of them can be used to carry out a DoS attack. The most severe were rated 9.6 on the CVSS scale. In 2017, Oracle fixed 79 vulnerabilities in the Java platform, which is 113% more than last year.
Of the 252 vulnerabilities fixed in the October patch, 182, or 72% of the total, affect Oracle’s business solutions. These include Sun Systems Products Suite (10 vulnerabilities), Oracle Retail (9), Siebel CRM (8), Supply Chain Products Suite (7), Virtualization (6), Database Server (6), Hyperion (4), JD Edwards Products (2), Financial Services Applications (2), Health Sciences Applications (1), Construction and Engineering Suite (1) and Enterprise Manager (1).
Of the 26 vulnerabilities fixed in Oracle E-Business Suite, 21 were rated high severity, 2 were rated low severity, and 3 were not classified. The vulnerabilities affect Oracle EBS 12.1 / 12.2 and allow an unauthorized attacker to gain access to important documents and information, including credit card information, customer information, employee data, and financial records.