--- licence_title: Creative Commons Attribution 4.0 International (CC-BY 4.0) licence_link: https://creativecommons.org/licenses/by/4.0/ licence_restrictions: https://cert.europa.eu/legal-notice licence_author: CERT-EU, The Cybersecurity Service for the European Union institutions, bodies, offices and agencies title: 'Oracle Critical Patch Update - July 2022' version: '1.0' number: '2022-053' original_date: 'July 19, 2022' date: 'July 22, 2022' --- _History:_ * _22/07/2022 --- v1.0 -- Initial publication_ # Summary On July 19th, 2022, Oracle released their quarterly Critical Patch Update advisory, a collection of patches that addresses **multiple critical security flaws**, affecting several of their products [1]. Many of these vulnerabilities may be **remotely exploited without the need for user credentials**. It is therefore highly recommended to **apply the security patches without delay**. # Technical Details The July 2022 Critical Patch Update contains **349 new security patches**, many of which tackle critical vulnerabilities that are easily exploitable and can lead to system takeover, Denial of Service (DOS), and unauthorised creation, deletion or modification access to critical data [2]. # Affected Products The following 37 Oracle product families are affected. For further details (e.g., affected versions), please consult Oracle’s official page [1, 2]: - Oracle Database Server - Oracle Autonomous Health Framework - Oracle Berkeley DB - Oracle Big Data Graph - Oracle Blockchain Platform - Oracle Essbase - Oracle Global Lifecycle Management - Oracle GoldenGate - Oracle Graph Server and Client - Oracle NoSQL Database - Oracle REST Data Services - Oracle Spatial Studio - Oracle SQL Developer - Oracle TimesTen In-Memory Database - Oracle Commerce - Oracle Communications Applications - Oracle Communications - Oracle Construction and Engineering - Oracle E-Business Suite - Oracle Enterprise Manager - Oracle Financial Services Applications - Oracle Food and Beverage Applications - Oracle Fusion Middleware - Oracle Health Sciences Applications - Oracle HealthCare Applications - Oracle Hospitality Applications - Oracle Java SE - Oracle JD Edwards - Oracle MySQL - Oracle PeopleSoft - Oracle Policy Automation - Oracle Retail Applications - Oracle Siebel CRM - Oracle Supply Chain - Oracle Systems - Oracle Utilities Applications - Oracle Virtualization # Recommendations It is recommended to apply the patches for all affected products as soon as possible. # References [1] [2]