Oracle’s January 2021 CPU Contains 329 New Security Patches

Oracle this week announced the availability of its first cumulative set of security fixes for 2021, which includes a total of 329 new patches.

The January 2021 Critical Patch Update (CPU) addresses issues in both Oracle products and third-party components that are included in the company’s products, with some of the patches meant to address multiple vulnerabilities, some reported more than a year ago.

The January 2021 CPU also includes fixes for CVE-2020-14750, an exploited vulnerability in WebLogic Server, which Oracle addressed with the release of an out-of-band update on November 1, 2020.

Oracle’s quarterly collection of patches brings fixes for more than 20 products across the tech giant’s portfolio, with Fusion Middleware being affected the most: it received 60 patches, with 47 of the resolved vulnerabilities being remotely exploitable, without authentication.

Financial Services Applications comes in second, with a total of 50 fixes and 41 vulnerabilities that unauthenticated attackers can exploit remotely, followed by MySQL at 43 patches and 5 remotely exploitable, without authentication.

Retail Applications, with 32 patches and 20 vulnerabilities that can be exploited remotely without authentication, and E-Business Suite, with 31 fixes and 29 bugs remotely exploitable by unauthenticated attackers, round up the top five most impacted products.

Virtualization received 17 patches this month, but none of the addressed vulnerabilities could be exploited remotely without authentication. However, all of those addressed by the 11 fixes released for Supply Chain could be.

Oracle also released patches for Communications (12 fixes – 7 flaws remotely exploitable without authentication), Enterprise Manager (8 – 8), PeopleSoft (8 – 6), Communications Applications (8 – 6), Database Server (8 – 1), Construction and Engineering (7 – 5), Hyperion (7 – 5), JD Edwards (5 – 5), Health Sciences Applications (5 – 3), Systems (4 – 3), Siebel CRM (4 – 1), Insurance Applications (3 – 1), GraalVM (2 – 2), Food and Beverage Applications (2 – 1), Java SE (1 – 1), and Utilities Applications (1 – 1).

The tech company says that it continues to receive reports of threat actors attempting to exploit patched vulnerabilities, and it has advised customers to install the available updates as soon as possible, to ensure they are protected from such attacks.

Oracle’s next set of quarterly patches will be released on April 20, 2021.

Related: Recent Oracle WebLogic Vulnerability Exploited to Deliver DarkIRC Malware

Related: Oracle’s October 2020 CPU Contains 402 New Security Patches

Related: Oracle’s July 2020 CPU Includes 443 New Patches

view counter

Ionut Arghire is an international correspondent for SecurityWeek.

Previous Columns by Ionut Arghire:

Don't forget to share

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *