---
licence_title: Creative Commons Attribution 4.0 International (CC-BY 4.0)
licence_link: https://creativecommons.org/licenses/by/4.0/
licence_restrictions: https://cert.europa.eu/legal-notice
licence_author: CERT-EU, The Cybersecurity Service for the European Union institutions, bodies, offices and agencies
title: 'Multiple Vulnerabilities in Oracle Products'
version: '1.0'
number: '2018-027'
date: 'October 19, 2018'
---

_History:_

* _19/10/2018 --- v1.0 -- Initial publication_

# Summary

On 16th of October 2018, Oracle released a critical patch bundle that addresses several security vulnerabilities. The patch contains 301 new fixes since the last patch. The addressed vulnerabilities affect many Oracle products including among others Oracle Database, Oracle Communications, Enterprise Manager, Fusion Middleware, Java, MySQL, Retail Applications, Peoplsoft, and others.

# Technical Details

The vulnerabilities affect a large number of Oracle products that can be potentially exploited. In most of the listed vulnerabilities the adversary can  exploit various protocols remotely without prior authentication [1]. The patches are cumulative. That means, it is only a complementary update to the systems since the previous update.

# Versions Affected

Please refer to the Oracle's Critical Patch Update Advisory - October 2018 [1].

# Recommendations

1. Depending on your Oracle software, address all the previous patch releases [2].
2. Apply the missing patches as soon as possible .

# References

[1]	<https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html>

[2] <https://www.oracle.com/technetwork/topics/security/alerts-086861.html>