Trustwave's 2024 Financial Services Threat Reports Highlight Alarming Trends in Insider Threats & Phishing-as-a-Service. Learn More
Get access to immediate incident response assistance.
Get access to immediate incident response assistance.
Trustwave's 2024 Financial Services Threat Reports Highlight Alarming Trends in Insider Threats & Phishing-as-a-Service. Learn More
The 17th of April fell this week, which means it is Oracle Critical Patch Update (CPU) time. The April 2014 CPU contains 104 fixes across Oracle's Database, Fusion Middleware, E-Business Suite, PeopleSoft, Siebel, iLearning, Oracle and Sun Systems Product Suite, MySQL, Oracle Linux and Virtualization and Oracle Java.
Read on for more information about what's included in this month's update.
Eighty-four of the fixes in this Critical Patch Update are for vulnerabilities that are remotely exploitable without authentication. In other words, anybody on the network can exploit these vulnerabilities. Seven products have fixes for vulnerabilities that allow for a complete takeover of the host: Oracle Database, Oracle Fusion, Hyperion, Supply Chain, Java, Virtualization and MySQL.
This update also includes two Oracle Database fixes. Both issues require authentication with advanced privileges. Fixes are available for all supported versions of Oracle Database, 11gR1, 11gR2 and 12c.
For MySQL customers, there are 14 MySQL fixes, three of them remotely exploitable without authentication and two (CVE-2014-2444 and CVE-2014-2436) that allow for the complete compromise of the host server by an authenticated network user.
Oracle Database Server Vulnerabilities:
Most severe MySQL Vulnerabilities:
We also highly recommend reading Oracle's verbose descriptions of the Vulnerabilities.
Trustwave's AppDetective Pro and DbProtect products will include checks to verify the installation of relevant Oracle Database and MySQL patches with the next update to the knowledgebase (KB 4.36) scheduled for a mid-May 2014.
Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.
Copyright © 2024 Trustwave Holdings, Inc. All rights reserved.