You are currently viewing Oracle Releases Critical Security Updates for April 2022 – Patch Now!

Oracle Releases Critical Security Updates for April 2022 – Patch Now!

Oracle has released security updates for April 2022, containing 520 security patches for a wide range of product families, including Oracle E-Business Suite, Oracle MySQL, Oracle Java SE, etc. This advisory covers multiple products which are prone to many vulnerabilities.

Oracle Critical Security Update Summary

The critical security update contains 520 new patches across multiple Oracle products. Security vulnerabilities addressed by these critical patches affect some of the below products:

 

oracle security updates



Oracle Communications
has received 149 new security patches; 98 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without user credentials. CVE-2022-21431CVE-2022-23305, and CVE-2022-23990 are considered the most critical, with a base score of 10.0, 9.8 and 9.8 respectively. The components affected are NEF(Spring Cloud Gateway), NSSF (Spring Cloud Gateway), Automated Test Suite (Jenkins), Automation Test Suite (Spring Framework), and BSF (Python).

Oracle MySQL has received 43 new security patches; 11 of these vulnerabilities may be remotely exploitable without authentication. CVE-2022-23305 and CVE-2022-22965 are considered the most critical, both CVEs have a base score of 9.8. The components affected are Apache Log4j, OpenSSL, Apache Tomcat and Spring Framework.

Oracle Java SE has received seven new security patches. All of these vulnerabilities may be remotely exploitable without authentication. CVE-2022-0778, CVE-2022-21449, and CVE-2022-21476 are considered the most critical and have a base score of 7.5. The components affected are nodes, libraries and JAXP.

Oracle Systems has received 20 new security patches; 14 of these vulnerabilities may be remotely exploitable without authentication. CVE-2019-17195, CVE-2021-39275, and CVE-2021-2351 are considered the most critical, with a base score of 9.8, 9.8 and 8.3. The components affected are Tools (Nimbus JOSE+JWT), Operating System Image, Software and Application Server (JDBC).

Oracle Blockchain Platform has received 15 new security patches; 14 of these vulnerabilities may be remotely exploitable without authentication. CVE-2021-23017, CVE-2020-5245, and CVE-2021-2351 are considered the most critical, with a base score of 9.8, 8.8 and 8.3. The components affected are Backend (Nginx), Backend (Dropwizard-Validation), and BCS Console (JDBC, OCCI).

Third-party Patches:

Oracle has not provided new security patches for below mentioned three product families, but third-party patches are available.

  1. Oracle Global Lifecycle Management
  2. Oracle Secure Backup
  3. Oracle NoSQL Database

The most critical vulnerabilities for third-party patches are mentioned below:

CVE Product Component CVSS Score
CVE-2021-44790 Oracle Communications Session Route Manager Apache HTTP Server 9.8
CVE-2022-23305 Oracle Middleware Common Libraries and Tools Apache Log4j 9.8
CVE-2021-2351 Oracle Communications Services Gatekeeper Software/products (JDBC) 8.3
CVE-2022-23306 Oracle Communications Session Route Manager Apache Tomcat 7.5
CVE-2021-44832 Oracle Communications Session Route Manager Apache Log4j 6.6
CVE-2022-23437 Oracle Communications Session Route Manager Apache Xerces-J 6.5

 

Severity Level

The new security patches include a severity range of low, medium, high and critical and they are as follows:

Other Affected Oracle Products:

Most of the Oracle family products are affected, including Oracle Communications, Oracle MySQL, Oracle Financial Services Applications, Oracle Retail Applications, Oracle E-Business Suite, Oracle MySQL, Oracle Java SE, etc.

Impact:

Remote Code Execution, Privilege Escalation, Information Disclosure, Security Feature Bypass, SQL injection, Denial of Service, Network Connection Hijacking, etc.

Solution:

Oracle has already released security updates for April 2022 and these patches are available only for Oracle customers. Please be advised to download the patch from the Oracle portal and install it. SanerNow software deployment capability can be used to install executable/scripts.

Use SanerNow, and keep your systems updated and secure.

 

5 1 vote
Article Rating
Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments