---
licence_title: Creative Commons Attribution 4.0 International (CC-BY 4.0)
licence_link: https://creativecommons.org/licenses/by/4.0/
licence_restrictions: https://cert.europa.eu/legal-notice
licence_author: CERT-EU, The Cybersecurity Service for the European Union institutions, bodies, offices and agencies
title: 'Critical Vulnerabilities in Multiple Oracle Products'
version: '1.0'
number: '2021-002'
date: 'January 20, 2021'
---

_History:_

* _20/01/2021 --- v1.0 -- Initial publication_

# Summary

Oracle has published an advisory about **hundreds of critical vulnerabilities** affecting several of its products [1]. Many of the vulnerabilities can be **remotely exploited without authentication and without user interaction**. Prompt patching of the affected products is highly recommended.

# Technical Details

The January 2021 Oracle Critical Patch Update contains **329 security patches** for multiple products [1]. These patches address various risks such as remote code execution, denial of service, system takeover, and access to and modification of sensitive data [2].

# Affected products

The following product families from Oracle are affected.
For details of the affected versions, please consult [1, 2]:

* Business Intelligence Enterprise Edition
* Enterprise Manager
* Hyperion
* Instantis EnterpriseTrack
* JD Edwards EnterpriseOne
* MySQL
* Oracle Adaptive Access Manager
* Oracle Agile
* Oracle Application
* Oracle Argus Safety
* Oracle BAM (Business Activity Monitoring)
* Oracle Banking
* Oracle BI Publisher
* Oracle Business
* Oracle Coherence
* Oracle Communications
* Oracle Complex Maintenance, Repair, and Overhaul
* Oracle Configurator
* Oracle Data Integrator
* Oracle Database Server
* Oracle E-Business Suite
* Oracle Endeca Information Discovery Integrator
* Oracle Enterprise
* Oracle Financial
* Oracle FLEXCUBE
* Oracle Fusion Middleware MapViewer
* Oracle Global
* Oracle GoldenGate Application Adapters
* Oracle GraalVM Enterprise Edition
* Oracle Health Sciences Information Manager
* Oracle Healthcare Master Person Index
* Oracle Hospitality
* Oracle Insurance
* Oracle Java SE
* Oracle Managed File Transfer
* Oracle Outside In Technology
* Oracle Real-Time Decision Server
* Oracle Retail
* Oracle SD-WAN Edge
* Oracle Secure Backup
* Oracle Transportation Management
* Oracle Utilities Framework
* Oracle VM VirtualBox
* Oracle WebCenter
* Oracle WebLogic Server
* Oracle ZFS Storage Appliance Kit
* PeopleSoft Enterprise
* Primavera
* Siebel Applications
* StorageTek Tape Analytics SW Tool

# Recommendations

It is recommended to apply the patches from Oracle for all affected products.

# References

[1]

[2]