Oracle critical security patch – July 2017

  • Post author:
  • Reading time:32 mins read

Oracle has released 308 security updates as part of the quarterly patch release cycle. The Oracle Critical Patch Update – July 2017 provides fixes for a wide range of product families including Oracle Database Server, Oracle BI Publisher, Oracle Business Intelligence Enterprise Edition,  Oracle Endeca Server, Oracle Fusion Middleware, Oracle Outside In Technology,  Oracle WebLogic Server,  Oracle Application Testing Suite, Oracle Business Transaction Management, Oracle E-Business Suite, Oracle Transportation Management, PeopleSoft Products,  Oracle iLearning, Oracle Fusion Applications ,  Oracle Hospitality Applications, Oracle Payment Interface, Primavera Gateway, Java Advanced Management Console, Oracle Java SE, Oracle Java SE Embedded , Oracle JRockit , Oracle VM VirtualBox, MySQL Cluster, MySQL Connectors, MySQL Enterprise Monitor, MySQL Server and then Oracle Explorer. A vulnerability management tool is required.

The CPU July 2017 Advisory in oracle critical patch update july 2017 addresses:

Two (4) security vulnerabilities for the Oracle Database Server, 2 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. Auto patching can help remediate this vulnerability.

(CVE-2017-10202, CVE-2014-3566, CVE-2016-2183 and then CVE-2017-10120)


One (1) security vulnerability for Oracle REST Data Services. However, this can be exploited remotely without authentication.

(CVE-2016-3092)


Nine (9) security vulnerabilities for Oracle Primavera Products Suite. 1 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

(CVE-2016-6814, CVE-2016-5019, CVE-2015-0254, CVE-2017-10038, CVE-2017-10131, CVE-2017-10046, CVE-2017-10149, CVE-2017-10160 and then CVE-2017-10150).


One (1) security vulnerability for Oracle Policy Automation. This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

(CVE-2016-3092)


Eight (8) security vulnerabilities for Oracle Retail Applications. All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

(CVE-2017-5689, CVE-2017-5689, CVE-2017-10183, CVE-2016-6814, CVE-2017-10214, CVE-2016-3506,  CVE-2017-10172 and then CVE-2017-10173)


Forty-eight (48) security vulnerabilities for Oracle Hospitality Applications. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

(CVE-2017-5689, CVE-2017-5689, CVE-2017-10000, CVE-2017-10232, CVE-2017-10001, CVE-2017-10136, CVE-2017-10206, CVE-2017-10226, CVE-2017-10225, CVE-2017-10216, CVE-2017-10212, CVE-2017-10047, CVE-2017-10224, CVE-2017-10076, CVE-2017-10211, CVE-2017-10128, CVE-2017-10097, CVE-2017-10079, CVE-2017-10188, CVE-2017-10189, CVE-2017-10169, CVE-2017-10056, CVE-2017-10231, CVE-2017-10219, CVE-2017-10201, CVE-2017-10230, CVE-2017-10229, CVE-2017-10228, CVE-2017-10002, CVE-2017-10222, CVE-2017-10223, CVE-2017-10142, CVE-2017-10044, CVE-2017-10207, CVE-2017-10069, CVE-2017-10221, CVE-2017-10168, CVE-2017-10182, CVE-2017-10200, CVE-2017-10133, CVE-2017-10132, CVE-2017-10217, CVE-2017-10218, CVE-2017-10205, CVE-2017-10195, CVE-2017-10208, CVE-2017-10220 and then CVE-2017-10213)


Twenty (20) security vulnerabilities for Oracle Financial Services Applications. However, 4 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

(CVE-2016-0635, CVE-2016-3092, CVE-2017-10085, CVE-2017-10181, CVE-2017-10006, CVE-2017-10103, CVE-2017-10023, CVE-2017-10084, CVE-2017-10005, 2.0, 12.0.1, CVE-2017-10083, 11.4.0, 12.0.1, CVE-2017-10011, CVE-2017-10012, CVE-2017-10072, CVE-2017-10073, 11.4.0, 12.0.1, CVE-2017-10098, CVE-2017-10010, CVE-2017-10009, CVE-2017-10007, CVE-2017-10022 and then CVE-2017-10071)


Eleven (11) security vulnerabilities for Oracle Communications Applications. However, 9 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

(CVE-2015-3253, CVE-2015-0235, CVE-2015-7501, CVE-2016-0635, CVE-2016-2107, CVE-2016-2107, CVE-2015-7940, CVE-2016-6304, CVE-2017-1003, CVE-2016-2107 and then CVE-2017-3732)


One (1) security vulnerability for Oracle iLearning. However, this vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

(CVE-2017-10199)


One (1) security vulnerability for Oracle Commerce. However, this vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

(CVE-2017-3732)


One (1) security vulnerability for Oracle Siebel CRM. This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

(CVE-2017-10049)


Thirty (30) security vulnerabilities for Oracle PeopleSoft Products. 20 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

(CVE-2017-10061, CVE-2017-10146, CVE-2017-10019, CVE-2017-10258, CVE-2017-10257, CVE-2017-10215, CVE-2017-10248, CVE-2017-10255, CVE-2017-10256, CVE-2017-10100, CVE-2017-10126, CVE-2017-10247, CVE-2017-10070, CVE-2017-10249, CVE-2017-10021, CVE-2017-10253, CVE-2017-10106, CVE-2017-10017, CVE-2017-3731, CVE-2017-10134, CVE-2017-10057, CVE-2017-10027, CVE-2017-10045, CVE-2017-10015, CVE-2017-10251, CVE-2017-10250, CVE-2017-10020, CVE-2017-10252, CVE-2017-10018 and then CVE-2017-10254)


Ten (10) security vulnerabilities for Oracle Supply Chain Products Suite. 6 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

(CVE-2017-10039, CVE-2017-10052, CVE-2017-10080, CVE-2017-10082, CVE-2017-10092, CVE-2017-3732, CVE-2017-10094, CVE-2017-10032, CVE-2017-10093 and then CVE-2017-10088)


Twenty two (22) security vulnerabilities for Oracle E-Business Suite. 18 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

(CVE-2017-10246, CVE-2017-10180, CVE-2017-10143, CVE-2017-10185, CVE-2017-10113, CVE-2017-10170, CVE-2017-10171, CVE-2017-10191, CVE-2017-10112, CVE-2017-10174, CVE-2017-10177, CVE-2017-10130, CVE-2016-6304, CVE-2017-10144, CVE-2017-10245, CVE-2017-10179, CVE-2017-3562, CVE-2017-10244, CVE-2017-10184, CVE-2017-10192, CVE-2017-10186 and then CVE-2017-10175)


Eight (8) security vulnerabilities for Oracle Enterprise Manager Grid Control. 6 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

(CVE-2016-5387, CVE-2016-1181, CVE-2017-10091, CVE-2015-7940, CVE-2016-2381, CVE-2017-3732, CVE-2017-3732 and then CVE-2016-3092)


One (1) security vulnerability for Oracle Hyperion. This vulnerability is not remotely exploitable without authentication, i.e., may not be exploited over a network without requiring user credentials.

(CVE-2016-0635)


Forty-four (44) security vulnerabilities for Oracle Fusion Middleware. 31 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

(CVE-2017-10137, CVE-2015-3253 CVE-2015-5254 CVE-2017-5638 CVE-2015-7501 CVE-2015-7501 CVE-2015-7501 CVE-2015-7501 CVE-2016-0635 CVE-2016-2834 CVE-2016-2834 CVE-2015-7501 CVE-2016-0635 CVE-2017-10147, CVE-2017-10025, CVE-2017-10043, CVE-2017-10156, CVE-2017-10024, CVE-2017-10028, CVE-2017-10029, CVE-2017-10030, CVE-2017-10035, CVE-2017-10048, CVE-2017-10141, CVE-2017-10196, CVE-2017-10040, CVE-2017-10075, CVE-2017-10059, CVE-2017-10041, CVE-2017-10119, CVE-2016-3092 CVE-2015-7940 CVE-2015-7940 CVE-2017-10058, CVE-2017-10157, CVE-2017-10178, CVE-2017-3732 CVE-2017-3732 CVE-2017-3732 CVE-2013-2027 CVE-2017-10148, CVE-2017-10063, CVE-2017-10123 and then CVE-2014-3566)


Thirty two (32) security vulnerabilities for Oracle Java SE. 28 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

(CVE-2017-10110, CVE-2017-10089, CVE-2017-10086, CVE-2017-10096, CVE-2017-10101, CVE-2017-10087, CVE-2017-10090, CVE-2017-10111, CVE-2017-10107, CVE-2017-10102, CVE-2017-10114, CVE-2017-10074, CVE-2017-10116, CVE-2017-10078, CVE-2017-10067, CVE-2017-10115, CVE-2017-10118, CVE-2017-10176, CVE-2017-10104, CVE-2017-10145, CVE-2017-10125, CVE-2017-10198, CVE-2017-10243, CVE-2017-10121, CVE-2017-10135, CVE-2017-10117, CVE-2017-10053, CVE-2017-10108, CVE-2017-10109, CVE-2017-10105, CVE-2017-10081 and then CVE-2017-10193)


However, Eleven (11) security vulnerabilities for the Oracle Sun Systems Products Suite. 5 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

(CVE-2017-3632, CVE-2017-10013, CVE-2017-10042, CVE-2017-10036, CVE-2017-10016, CVE-2017-10234, CVE-2017-10004, CVE-2017-10062, CVE-2017-10003, CVE-2017-10095 and then CVE-2017-10122)


Fourteen (14) security vulnerabilities for the Oracle Virtualization. None of these vulnerabilities may be remotely exploitable without authentication, i.e., none may be exploited over a network without requiring user credentials.

(CVE-2017-10204, CVE-2017-10129, CVE-2017-10210, CVE-2017-10233, CVE-2017-10236, CVE-2017-10237, CVE-2017-10238, CVE-2017-10239, CVE-2017-10240, CVE-2017-10241, CVE-2017-10242, CVE-2017-10235, CVE-2017-10209 and then CVE-2017-10187)


Thirty (30) security vulnerabilities for the Oracle MySQL. 9 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

(CVE-2016-4436, CVE-2017-5651, CVE-2017-5647, CVE-2017-3633, CVE-2017-3634, CVE-2017-3732, CVE-2017-3732, CVE-2017-3732, CVE-2017-3635, CVE-2017-3635, CVE-2017-3636, CVE-2017-3529, CVE-2017-3637, CVE-2017-3639, CVE-2017-3640, CVE-2017-3641, CVE-2017-3643, CVE-2017-3644, CVE-2017-3638, CVE-2017-3642, CVE-2017-3645, CVE-2017-3646, CVE-2014-1912, CVE-2017-3648, CVE-2017-3647, CVE-2017-3649, CVE-2017-3651, CVE-2017-3652, CVE-2017-3650 and then CVE-2017-3653)


One (1) security vulnerability for Oracle Support Tools. This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

(CVE-2017-3732)

Detailed list of Affected Products and Components in oracle critical patch update july 2017:

Affected Products and Versions Patch Availability
Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1 Database
Oracle REST Data Services, versions prior to 3.0.10.25.02.36 Database
Oracle API Gateway, version 11.1.2.4.0 Fusion Middleware
Oracle BI Publisher, versions 11.1.1.7.0, 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0 Fusion Middleware
Oracle Business Intelligence Enterprise Edition, versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0 Fusion Middleware
Oracle Data Integrator, versions 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0 Fusion Middleware
Oracle Endeca Server, versions 7.3.0.0, 7.4.0.0, 7.5.0.0, 7.5.1.0, 7.6.0.0, 7.6.1.0, 7.7.0.0 Fusion Middleware
Oracle Enterprise Data Quality, version 8.1.13.0.0 Fusion Middleware
Oracle Enterprise Repository, versions 11.1.1.7.0, 12.1.3.0.0 Fusion Middleware
Oracle Fusion Middleware, versions 11.1.1.7, 11.1.1.9, 11.1.2.2, 11.1.2.3, 12.1.3.0, 12.2.1.1, 12.2.1.2 Fusion Middleware
Oracle OpenSSO, version 3.0.0.8 Fusion Middleware
Oracle Outside In Technology, version 8.5.3.0 Fusion Middleware
Oracle Secure Enterprise Search, version 11.2.2.2.0 Fusion Middleware
Oracle Service Bus, version 11.1.1.9.0 Fusion Middleware
Oracle Traffic Director, versions 11.1.1.7.0, 11.1.1.9.0 Fusion Middleware
Oracle Tuxedo, version 12.1.1 Fusion Middleware
Oracle Tuxedo System and Applications Monitor, versions 11.1.1.2.0, 11.1.1.2.1, 11.1.1.2.2, 12.1.1.1.0, 12.1.3.0.0, 12.2.2.0.0 Fusion Middleware
Oracle WebCenter Content, versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0 Fusion Middleware
Oracle WebLogic Server, versions 10.3.6.0, 12.1.3.0, 12.2.1.1, 12.2.1.2 Fusion Middleware
Hyperion Essbase, version 12.2.1.1 Fusion Middleware
Enterprise Manager Base Platform, versions 12.1.0, 13.1.0, 13.2.0 Enterprise Manager
Enterprise Manager Ops Center, versions 12.2.2, 12.3.2 Enterprise Manager
Oracle Application Testing Suite, versions 12.5.0.2, 12.5.0.3 Enterprise Manager
Oracle Business Transaction Management, versions 11.1.x, 12.1.x Enterprise Manager
Oracle Configuration Manager, versions prior to 12.1.2.0.4 Enterprise Manager
Application Management Pack for Oracle E-Business Suite, versions AMP 12.1.0.4.0, AMP 13.1.1.1.0 E-Business Suite
Oracle E-Business Suite, versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 E-Business Suite
Oracle Agile PLM, versions 9.3.5, 9.3.6 Oracle Supply Chain Products
Oracle Transportation Management, versions 6.1, 6.2, 6.3.4.1, 6.3.5.1, 6.3.6.1, 6.3.7.1, 6.4.0, 6.4.1, 6.4.2 Oracle Supply Chain Products
PeopleSoft Enterprise FSCM, version 9.2 PeopleSoft
PeopleSoft Enterprise PeopleTools, versions 8.54, 8.55 PeopleSoft
PeopleSoft Enterprise PRTL Interaction Hub, version 9.1.0 PeopleSoft
Siebel Applications, versions 16.0, 17.0 Siebel
Oracle Commerce Guided Search / Oracle Commerce Experience Manager, versions 6.1.4, 11.0, 11.1, 11.2 Oracle Commerce
Oracle iLearning, version 6.2 iLearning
Oracle Fusion Applications, versions 11.1.2 through 11.1.9 Fusion Applications
Oracle Communications BRM, versions 11.2.0.0.0, 11.3.0.0.0 Oracle Communications BRM – Elastic Charging Engine
Oracle Communications Convergence, versions 3.0, 3.0.1 Oracle Communications Convergence
Oracle Communications EAGLE LNP Application Processor, version 10.0 Oracle Communications EAGLE LNP Application Processor
Oracle Communications Network Charging and Control, versions 4.4.1.5, 5.0.0.1, 5.0.0.2, 5.0.1.0, 5.0.2.0 Oracle Communications Network Charging and Control
Oracle Communications Policy Management, version 11.5 Oracle Communications Policy Management
Oracle Communications Session Router, versions ECZ730, SCZ730, SCZ740 Oracle Communications Session Router
Oracle Enterprise Communications Broker, version PCZ210 Oracle Enterprise Communications Broker
Oracle Enterprise Session Border Controller, version ECZ7.3.0 Oracle Enterprise Session Border Controller
Financial Services Behavior Detection Platform, versions 8.0.1, 8.0.2 Oracle Financial Services Applications
Oracle Banking Platform, versions 2.3, 2.4, 2.4.1, 2.5 Oracle Banking Platform
Oracle FLEXCUBE Direct Banking, versions 12.0.2, 12.0.3 Oracle Financial Services Applications
Oracle FLEXCUBE Private Banking, versions 2.0.0, 2.0.1, 2.2.0, 12.0.1 Oracle Financial Services Applications
Oracle FLEXCUBE Universal Banking, versions 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0 Oracle Financial Services Applications
Hospitality Hotel Mobile, versions 1.01, 1.05, 1.1 Hospitality Hotel Mobile
Hospitality Property Interfaces, version 8.10.x Hospitality Property Interfaces
Hospitality Suite8, version 8.10.x Hospitality Suite8
Hospitality WebSuite8 Cloud Service, versions 8.9.6, 8.10.x Hospitality WebSuite8 Cloud Service
MICROS BellaVita, version 2.7.x MICROS BellaVita
MICROS PC Workstation 2015, versions Prior to O1302h MICROS PC Workstation
MICROS Workstation 650, versions Prior to E1500n MICROS Workstation
Oracle Hospitality 9700, version 4.0 Oracle Hospitality 9700
Oracle Hospitality Cruise AffairWhere, version 2.2.05.062 Hospitality Cruise AffairWhere
Oracle Hospitality Cruise Dining Room Management, version 8.0.75 Oracle Hospitality Cruise Dining Room Management
Oracle Hospitality Cruise Fleet Management, version 9.0 Oracle Hospitality Cruise Fleet Management
Oracle Hospitality Cruise Materials Management, version 7.30.562 Oracle Hospitality Cruise Materials Management
Oracle Hospitality Cruise Shipboard Property Management System, version 8.0.0.0 Oracle Hospitality Cruise Shipboard Property Management System
Oracle Hospitality e7, version 4.2.1 Oracle Hospitality e7
Oracle Hospitality Guest Access, versions 4.2.0.0, 4.2.1.0 Oracle Hospitality Guest Access
Oracle Hospitality Inventory Management, versions 8.5.1, 9.0.0 Oracle Hospitality Inventory Management
Oracle Hospitality Materials Control, versions 8.31.4, 8.32.0 Oracle Hospitality Materials Control
Oracle Hospitality OPERA 5 Property Services, versions 5.4.0.x, 5.4.1.x, 5.4.3.x Oracle Hospitality OPERA 5 Property Services
Oracle Hospitality Reporting and Analytics, versions 8.5.1, 9.0.0 Oracle Hospitality Reporting and Analytics
Oracle Hospitality RES 3700, version 5.5 Oracle Hospitality RES
Oracle Hospitality Simphony, versions 2.8, 2.9 Oracle Hospitality Simphony
Oracle Hospitality Simphony First Edition, version 1.7.1 Hospitality Simphony First Edition
Oracle Hospitality Simphony First Edition Venue Management, version 3.9 Hospitality Simphony First Edition Venue Management
Oracle Hospitality Suites Management, version 3.7 Hospitality Suites Management
Oracle Payment Interface, version 6.1.1 Oracle Payment Interface
Oracle Retail Allocation, versions 13.3.1, 14.0.4, 14.1.3, 15.0.1, 16.0.1 Retail Applications
Oracle Retail Customer Insights, versions 15.0, 16.0 Retail Applications
Oracle Retail Open Commerce Platform, versions 5.0, 5.1, 5.2, 5.3, 6.0, 6.1, 15.0, 15.1 Retail Applications
Oracle Retail Warehouse Management System, versions 14.0.4, 14.1.3, 15.0.1 Retail Applications
Oracle Retail Workforce Management, versions 1.60.7, 1.64.0 Retail Applications
Oracle Retail Xstore Point of Service, versions 6.0.x, 6.5.x, 7.0.x, 7.1.x, 15.0.x, 16.0.0 Retail Applications
Oracle Policy Automation, versions 12.1.0, 12.1.1, 12.2.0, 12.2.1, 12.2.2, 12.2.3 Oracle Policy Automation
Primavera Gateway, versions 1.0, 1.1, 14.2, 15.1, 15.2, 16.1, 16.2 Oracle Primavera Products Suite
Primavera P6 Enterprise Project Portfolio Management, versions 8.3, 8.4, 15.1, 15.2, 16.1, 16.2 Oracle Primavera Products Suite
Primavera Unifier, versions 9.13, 9.14, 10.1, 10.2, 15.1, 15.2, 16.1, 16.2 Oracle Primavera Products Suite
Java Advanced Management Console, version 2.6 Oracle Java SE
Oracle Java SE, versions 6u151, 7u141, 8u131 Oracle Java SE
Oracle Java SE Embedded, version 8u131 Oracle Java SE
Oracle JRockit, version R28.3.14 Oracle Java SE
Solaris, versions 10, 11 Oracle and Sun Systems Products Suite
Solaris Cluster, version 4 Oracle and Sun Systems Products Suite
Sun ZFS Storage Appliance Kit (AK), version AK 2013 Oracle and Sun Systems Products Suite
Oracle VM VirtualBox, versions prior to 5.1.24 Oracle Linux and Virtualization
MySQL Cluster, versions 7.3.5 and prior Oracle MySQL Product Suite
MySQL Connectors, versions 5.3.7 and prior, 6.1.10 and prior Oracle MySQL Product Suite
MySQL Enterprise Monitor, versions 3.1.5.7958 and prior, 3.2.5.1141 and prior, 3.2.7.1204 and prior, 3.3.2.1162 and prior, 3.3.3.1199 and prior Oracle MySQL Product Suite
MySQL Server, versions 5.5.56 and prior, 5.6.36 and prior, 5.7.18 and prior Oracle MySQL Product Suite
Oracle Explorer, versions prior to 8.16 Oracle Support Tools

This is about oracle critical patch update july 2017

However, SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Finally, download Saner now and keep your systems updated and secure.

Share this article