This pre-release announcement for Critical Patch Update (CPU) for January 2022 confirms that Oracle security updates will address 483 new security patches. The Critical Patch Update for January will be released on Tuesday, January 18, 2022.
“A Critical Patch Update is a collection of patches for multiple security vulnerabilities. This Critical Patch Update addresses 483 new security patches. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products.” reads the Oracle Critical Patch Update Pre-Release Announcement – January 2022. “Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update patches as soon as possible.”
The CPU will address critical vulnerabilities in Oracle Essbase, Graph Server and Client, Secure Backup, Communications Applications, Communications, Construction and Engineering, Enterprise Manager, Financial Services Applications, Fusion Middleware, Insurance Applications, PeopleSoft, Support Tools, and Utilities Applications.
Some of the vulnerabilities addressed in this Critical Patch Update impacts multiple products. Oracle also urges its customers to apply Critical Patch Update patches as soon as possible due to the risk of exploitation of the addressed vulnerabilities.
The IT giant pointed out that many of these vulnerabilities can be exploited by remote attackers without authentication.
The highest CVSS v3.1 Base Score (10.0) was assigned to vulnerabilities affecting Oracle Communications Applications. The company will also address flaws in Oracle Essbase having a CVSS v3.1 Base Score of 9.9.
High-severity flaws will be fixed in Airlines Data Model, Big Data Graph, Communications Data Model, Commerce, Food and Beverage Applications, E-Business Suite, GoldenGate, Health Sciences Applications, HealthCare Applications, Hospitality Applications, Hyperion, iLearning, JD Edwards, MySQL, Policy Automation, Retail Applications, REST Data Services, Siebel CRM, Supply Chain, Systems, Spatial Studio, and TimesTen In-Memory.
(SecurityAffairs – hacking, CPU)