{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2022-053.pdf"
    },
    "title": "Oracle Critical Patch Update - July 2022",
    "serial_number": "2022-053",
    "publish_date": "25-07-2022 07:48:00",
    "description": "On July 19th, 2022, Oracle released their quarterly Critical Patch Update advisory, a collection of patches that addresses multiple critical security flaws, affecting several of their products. Many of these vulnerabilities may be remotely exploited without the need for user credentials. It is therefore highly recommended to apply the security patches without delay.",
    "url_title": "2022-053",
    "content_markdown": "---\ntitle: 'Oracle Critical Patch Update -\u00a0July\u00a02022'\nversion: '1.0'\nnumber: '2022-053'\noriginal_date: 'July 19, 2022'\ndate: 'July 22, 2022'\n---\n\n_History:_\n\n* _22/07/2022 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn July 19th, 2022, Oracle released their quarterly Critical Patch Update advisory, a collection of patches that addresses **multiple critical security flaws**, affecting several of their products [1]. Many of these vulnerabilities may be **remotely exploited without the need for user credentials**. It is therefore highly recommended to **apply the security patches without delay**.\n\n# Technical Details\n\nThe July 2022 Critical Patch Update contains **349 new security patches**, many of which tackle critical vulnerabilities that are easily exploitable and can lead to system takeover, Denial of Service (DOS), and unauthorised creation, deletion or modification access to critical data [2].\n\n# Affected Products\n\nThe following 37 Oracle product families are affected. For further details (e.g., affected versions), please consult Oracle\u2019s official page [1, 2]:\n\n- Oracle Database Server\n- Oracle Autonomous Health Framework\n- Oracle Berkeley DB\n- Oracle Big Data Graph\n- Oracle Blockchain Platform\n- Oracle Essbase\n- Oracle Global Lifecycle Management\n- Oracle GoldenGate\n- Oracle Graph Server and Client\n- Oracle NoSQL Database\n- Oracle REST Data Services\n- Oracle Spatial Studio\n- Oracle SQL Developer\n- Oracle TimesTen In-Memory Database\n- Oracle Commerce\n- Oracle Communications Applications\n- Oracle Communications\n- Oracle Construction and Engineering\n- Oracle E-Business Suite\n- Oracle Enterprise Manager\n- Oracle Financial Services Applications\n- Oracle Food and Beverage Applications\n- Oracle Fusion Middleware\n- Oracle Health Sciences Applications\n- Oracle HealthCare Applications\n- Oracle Hospitality Applications\n- Oracle Java SE\n- Oracle JD Edwards\n- Oracle MySQL\n- Oracle PeopleSoft\n- Oracle Policy Automation\n- Oracle Retail Applications\n- Oracle Siebel CRM\n- Oracle Supply Chain\n- Oracle Systems\n- Oracle Utilities Applications\n- Oracle Virtualization\n\n# Recommendations\n\nIt is recommended to apply the patches for all affected products as soon as possible.\n\n# References\n\n[1] <https://www.oracle.com/security-alerts/cpujul2022.html>\n\n[2] <https://www.oracle.com/security-alerts/cpujul2022verbose.html>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>22/07/2022 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On July 19th, 2022, Oracle released their quarterly Critical Patch Update advisory, a collection of patches that addresses <strong>multiple critical security flaws</strong>, affecting several of their products [1]. Many of these vulnerabilities may be <strong>remotely exploited without the need for user credentials</strong>. It is therefore highly recommended to <strong>apply the security patches without delay</strong>.</p><h2 id=\"technical-details\">Technical Details</h2><p>The July 2022 Critical Patch Update contains <strong>349 new security patches</strong>, many of which tackle critical vulnerabilities that are easily exploitable and can lead to system takeover, Denial of Service (DOS), and unauthorised creation, deletion or modification access to critical data [2].</p><h2 id=\"affected-products\">Affected Products</h2><p>The following 37 Oracle product families are affected. For further details (e.g., affected versions), please consult Oracle\u2019s official page [1, 2]:</p><ul><li>Oracle Database Server</li><li>Oracle Autonomous Health Framework</li><li>Oracle Berkeley DB</li><li>Oracle Big Data Graph</li><li>Oracle Blockchain Platform</li><li>Oracle Essbase</li><li>Oracle Global Lifecycle Management</li><li>Oracle GoldenGate</li><li>Oracle Graph Server and Client</li><li>Oracle NoSQL Database</li><li>Oracle REST Data Services</li><li>Oracle Spatial Studio</li><li>Oracle SQL Developer</li><li>Oracle TimesTen In-Memory Database</li><li>Oracle Commerce</li><li>Oracle Communications Applications</li><li>Oracle Communications</li><li>Oracle Construction and Engineering</li><li>Oracle E-Business Suite</li><li>Oracle Enterprise Manager</li><li>Oracle Financial Services Applications</li><li>Oracle Food and Beverage Applications</li><li>Oracle Fusion Middleware</li><li>Oracle Health Sciences Applications</li><li>Oracle HealthCare Applications</li><li>Oracle Hospitality Applications</li><li>Oracle Java SE</li><li>Oracle JD Edwards</li><li>Oracle MySQL</li><li>Oracle PeopleSoft</li><li>Oracle Policy Automation</li><li>Oracle Retail Applications</li><li>Oracle Siebel CRM</li><li>Oracle Supply Chain</li><li>Oracle Systems</li><li>Oracle Utilities Applications</li><li>Oracle Virtualization</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>It is recommended to apply the patches for all affected products as soon as possible.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.oracle.com/security-alerts/cpujul2022.html\">https://www.oracle.com/security-alerts/cpujul2022.html</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.oracle.com/security-alerts/cpujul2022verbose.html\">https://www.oracle.com/security-alerts/cpujul2022verbose.html</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}