Oracle has released 308 security updates as part of the quarterly patch release cycle. The Oracle Critical Patch Update – July 2017 provides fixes for a wide range of product families including Oracle Database Server, Oracle BI Publisher, Oracle Business Intelligence Enterprise Edition, Oracle Endeca Server, Oracle Fusion Middleware, Oracle Outside In Technology, Oracle WebLogic Server, Oracle Application Testing Suite, Oracle Business Transaction Management, Oracle E-Business Suite, Oracle Transportation Management, PeopleSoft Products, Oracle iLearning, Oracle Fusion Applications, Oracle Hospitality Applications, Oracle Payment Interface, Primavera Gateway, Java Advanced Management Console, Oracle Java SE, Oracle Java SE Embedded, Oracle JRockit, Oracle VM VirtualBox, MySQL Cluster, MySQL Connectors, MySQL Enterprise Monitor, MySQL Server, Oracle Explorer.
The CPU July 2017 Advisory addresses:
Four (4) security vulnerabilities for the Oracle Database Server. 2 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.
(CVE-2017-10202, CVE-2014-3566, CVE-2016-2183, CVE-2017-10120)
One (1) security vulnerability for Oracle REST Data Services. This vulnerability can be exploited remotely without authentication.
(CVE-2016-3092)
Nine (9) security vulnerabilities for Oracle Primavera Products Suite. 1 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.
(CVE-2016-6814, CVE-2016-5019, CVE-2015-0254, CVE-2017-10038, CVE-2017-10131, CVE-2017-10046, CVE-2017-10149, CVE-2017-10160, CVE-2017-10150)
One (1) security vulnerability for Oracle Policy Automation. This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.
(CVE-2016-3092)
Eight (8) security vulnerabilities for Oracle Retail Applications. All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.
(CVE-2017-5689, CVE-2017-5689, CVE-2017-10183, CVE-2016-6814, CVE-2017-10214, CVE-2016-3506, CVE-2017-10172, CVE-2017-10173)
Forty-eight (48) security vulnerabilities for Oracle Hospitality Applications. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.
(CVE-2017-5689, CVE-2017-5689, CVE-2017-10000, CVE-2017-10232, CVE-2017-10001, CVE-2017-10136, CVE-2017-10206, CVE-2017-10226, CVE-2017-10225, CVE-2017-10216, CVE-2017-10212, CVE-2017-10047, CVE-2017-10224, CVE-2017-10076, CVE-2017-10211, CVE-2017-10128, CVE-2017-10097, CVE-2017-10079, CVE-2017-10188, CVE-2017-10189, CVE-2017-10169, CVE-2017-10056, CVE-2017-10231, CVE-2017-10219, CVE-2017-10201, CVE-2017-10230, CVE-2017-10229, CVE-2017-10228, CVE-2017-10002, CVE-2017-10222, CVE-2017-10223, CVE-2017-10142, CVE-2017-10044, CVE-2017-10207, CVE-2017-10069, CVE-2017-10221, CVE-2017-10168, CVE-2017-10182, CVE-2017-10200, CVE-2017-10133, CVE-2017-10132, CVE-2017-10217, CVE-2017-10218, CVE-2017-10205, CVE-2017-10195, CVE-2017-10208, CVE-2017-10220, CVE-2017-10213)
Twenty (20) security vulnerabilities for Oracle Financial Services Applications. 4 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.
(CVE-2016-0635, CVE-2016-3092, CVE-2017-10085, CVE-2017-10181, CVE-2017-10006, CVE-2017-10103, CVE-2017-10023, CVE-2017-10084, CVE-2017-10005, CVE-2017-10083, CVE-2017-10011, CVE-2017-10012, CVE-2017-10072, CVE-2017-10073, CVE-2017-10098, CVE-2017-10010, CVE-2017-10009, CVE-2017-10007, CVE-2017-10022, CVE-2017-10071)
Eleven (11) security vulnerabilities for Oracle Communications Applications. 9 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.
(CVE-2015-3253, CVE-2015-0235, CVE-2015-7501, CVE-2016-0635, CVE-2016-2107, CVE-2016-2107, CVE-2015-7940, CVE-2016-6304, CVE-2017-1003, CVE-2016-2107, CVE-2017-3732)
One (1) security vulnerability for Oracle iLearning. This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.
(CVE-2017-10199)
One (1) security vulnerability for Oracle Commerce. This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.
(CVE-2017-3732)
One (1) security vulnerability for Oracle Siebel CRM. This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.
(CVE-2017-10049)
Thirty (30) security vulnerabilities for Oracle PeopleSoft Products. 20 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.
(CVE-2017-10061, CVE-2017-10146, CVE-2017-10019, CVE-2017-10258, CVE-2017-10257, CVE-2017-10215, CVE-2017-10248, CVE-2017-10255, CVE-2017-10256, CVE-2017-10100, CVE-2017-10126, CVE-2017-10247, CVE-2017-10070, CVE-2017-10249, CVE-2017-10021, CVE-2017-10253, CVE-2017-10106, CVE-2017-10017, CVE-2017-3731, CVE-2017-10134, CVE-2017-10057, CVE-2017-10027, CVE-2017-10045, CVE-2017-10015, CVE-2017-10251, CVE-2017-10250, CVE-2017-10020, CVE-2017-10252, CVE-2017-10018, CVE-2017-10254)
Ten (10) security vulnerabilities for Oracle Supply Chain Products Suite. 6 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.
(CVE-2017-10039, CVE-2017-10052, CVE-2017-10080, CVE-2017-10082, CVE-2017-10092, CVE-2017-3732, CVE-2017-10094, CVE-2017-10032, CVE-2017-10093, CVE-2017-10088)
Twenty-two (22) security vulnerabilities for Oracle E-Business Suite. 18 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.
(CVE-2017-10246, CVE-2017-10180, CVE-2017-10143, CVE-2017-10185, CVE-2017-10113, CVE-2017-10170, CVE-2017-10171, CVE-2017-10191, CVE-2017-10112, CVE-2017-10174, CVE-2017-10177, CVE-2017-10130, CVE-2016-6304, CVE-2017-10144, CVE-2017-10245, CVE-2017-10179, CVE-2017-3562, CVE-2017-10244, CVE-2017-10184, CVE-2017-10192, CVE-2017-10186, CVE-2017-10175)
Eight (8) security vulnerabilities for Oracle Enterprise Manager Grid Control. 6 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.
(CVE-2016-5387, CVE-2016-1181, CVE-2017-10091, CVE-2015-7940, CVE-2016-2381, CVE-2017-3732, CVE-2017-3732, CVE-2016-3092)
One (1) security vulnerability for Oracle Hyperion. This vulnerability is not remotely exploitable without authentication, i.e., may not be exploited over a network without requiring user credentials.
(CVE-2016-0635)
Forty-four (44) security vulnerabilities for Oracle Fusion Middleware. 31 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.
(CVE-2017-10137, CVE-2015-3253, CVE-2015-5254, CVE-2017-5638, CVE-2015-7501, CVE-2015-7501, CVE-2015-7501, CVE-2015-7501, CVE-2016-0635, CVE-2016-2834, CVE-2016-2834, CVE-2015-7501, CVE-2016-0635, CVE-2017-10147, CVE-2017-10025, CVE-2017-10043, CVE-2017-10156, CVE-2017-10024, CVE-2017-10028, CVE-2017-10029, CVE-2017-10030, CVE-2017-10035, CVE-2017-10048, CVE-2017-10141, CVE-2017-10196, CVE-2017-10040, CVE-2017-10075, CVE-2017-10059, CVE-2017-10041, CVE-2017-10119, CVE-2016-3092, CVE-2015-7940, CVE-2015-7940, CVE-2017-10058, CVE-2017-10157, CVE-2017-10178, CVE-2017-3732, CVE-2017-3732, CVE-2017-3732, CVE-2013-2027, CVE-2017-10148, CVE-2017-10063, CVE-2017-10123, CVE-2014-3566)
Thirty-two (32) security vulnerabilities for Oracle Java SE. 28 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.
(CVE-2017-10110, CVE-2017-10089, CVE-2017-10086, CVE-2017-10096, CVE-2017-10101, CVE-2017-10087, CVE-2017-10090, CVE-2017-10111, CVE-2017-10107, CVE-2017-10102, CVE-2017-10114, CVE-2017-10074, CVE-2017-10116, CVE-2017-10078, CVE-2017-10067, CVE-2017-10115, CVE-2017-10118, CVE-2017-10176, CVE-2017-10104, CVE-2017-10145, CVE-2017-10125, CVE-2017-10198, CVE-2017-10243, CVE-2017-10121, CVE-2017-10135, CVE-2017-10117, CVE-2017-10053, CVE-2017-10108, CVE-2017-10109, CVE-2017-10105, CVE-2017-10081, CVE-2017-10193)
Eleven (11) security vulnerabilities for the Oracle Sun Systems Products Suite. 5 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.
(CVE-2017-3632, CVE-2017-10013, CVE-2017-10042, CVE-2017-10036, CVE-2017-10016, CVE-2017-10234, CVE-2017-10004, CVE-2017-10062, CVE-2017-10003, CVE-2017-10095, CVE-2017-10122)
Fourteen (14) security vulnerabilities for Oracle Virtualization. None of these vulnerabilities may be remotely exploitable without authentication, i.e., none may be exploited over a network without requiring user credentials.
(CVE-2017-10204, CVE-2017-10129, CVE-2017-10210, CVE-2017-10233, CVE-2017-10236, CVE-2017-10237, CVE-2017-10238, CVE-2017-10239, CVE-2017-10240, CVE-2017-10241, CVE-2017-10242, CVE-2017-10235, CVE-2017-10209, CVE-2017-10187)
Thirty (30) security vulnerabilities for Oracle MySQL. 9 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.
(CVE-2016-4436, CVE-2017-5651, CVE-2017-5647, CVE-2017-3633, CVE-2017-3634, CVE-2017-3732, CVE-2017-3732, CVE-2017-3732, CVE-2017-3635, CVE-2017-3635, CVE-2017-3636, CVE-2017-3529, CVE-2017-3637, CVE-2017-3639, CVE-2017-3640, CVE-2017-3641, CVE-2017-3643, CVE-2017-3644, CVE-2017-3638, CVE-2017-3642, CVE-2017-3645, CVE-2017-3646, CVE-2014-1912, CVE-2017-3648, CVE-2017-3647, CVE-2017-3649, CVE-2017-3651, CVE-2017-3652, CVE-2017-3650, CVE-2017-3653)
One (1) security vulnerability for Oracle Support Tools. This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.
(CVE-2017-3732)
Detailed list of Affected Products and Components:
SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.