You are currently viewing Oracle Releases Critical Security Updates January 2023 – Patch Now!

Oracle Releases Critical Security Updates January 2023 – Patch Now!

  • Post author:
  • Reading time:58 mins read

Oracle releases security updates of January 2023, 327 security patches for various product families, including Oracle Communications, Oracle Fusion Middleware, Oracle MySQL, etc. Although, this advisory includes different products which are prone to multiple vulnerabilities.

Oracle Communications has received 79 new security patches, of which 50 vulnerabilities may be remotely exploitable without authentication. Whereas, CVE-2022-43403 has a base score of 9.9, along with 18 other vulnerabilities with a base score of 9.8. However, these vulnerabilities are considered to be the most critical. Finally, you can patch these critical vulnerabilities using efficient patch management software, out of which 39 vulnerabilities may be remotely exploitable without authentication. Despite all this, there are 15 vulnerabilities with a base score of 9.8 which are considered to be the most critical ones. Therefore, it is essential to have a vulnerability management tool.

Oracle releases Security Updates January 2023 Summary

Oracle Database Server

Affected Components: Oracle Data Provider for .NET, Oracle Database – Machine Learning for Python (Python), Oracle Database – Workload Manager (Jackson-databind), Oracle Database Fleet Patching (Jackson-databind), Oracle Database RDBMS Security, Java VM, Oracle Database (Python), Oracle Database (Zlib) and then Oracle Database Data Redaction

CVEs: CVE-2023-21893, CVE-2021-3737, CVE-2022-42003, CVE-2022-42003, CVE-2023-21829, CVE-2022-39429, CVE-2020-10735, CVE-2018-25032, CVE-2023-21827

This patch update also includes third-party patches for the following non-exploitable CVEs:

Oracle Big Data Graph

This security update does not address any patch for exploitable flaws but does have fixes for non-exploitable third-party CVEs for Oracle Big Data Graph:

Oracle Essbase

Product: Oracle Essbase
Affected Components: Essbase Web Platform (OpenSSL), Infrastructure (cURL)
CVEs: CVE-2022-2274, CVE-2022-42915

This patch update also includes third-party patches for the following non-exploitable CVEs:

Oracle Global Lifecycle Management

This January 2023 security update does not address any patch for exploitable flaws but does have fixes for non-exploitable third-party CVEs for Oracle Global Lifecycle Management:

Oracle GoldenGate

Products: GoldenGate Stream Analytics, Oracle Stream Analytics
Affected Components: GoldenGate Stream Analytics (Google Gson), GoldenGate Stream Analytics (jackson-databind), Stream Analytics (Apache HttpClient)
CVEs: CVE-2022-25647, CVE-2020-36518, CVE-2020-13956

This Oracle January 2023 patch update also includes third-party patches for the following non-exploitable CVEs:

Oracle Graph Server and Client

This January 2023 security update does not address any patch for exploitable flaws but does have fixes for non-exploitable third-party CVEs for Oracle Graph Server and Client:

Oracle Spatial Studio

This security update does not address any patch for exploitable flaws but does have fixes for non-exploitable third-party CVEs for Oracle Spatial Studio:

Oracle TimesTen In-Memory Database

Product: Oracle TimesTen In-Memory Database
Affected Component: In-Memory Database (Zlib)
CVE: CVE-2022-37434

Oracle Communications Applications

Products: Oracle Communications Design Studio, Oracle Communications Elastic Charging Engine, Oracle Communications Order and Service Management, Oracle Communications Unified Assurance, Oracle Communications Unified Inventory Management, Oracle Communications Convergence, Oracle Communications Billing and Revenue Management, Oracle Communications Calendar Server, Oracle Communications Contacts Server, Oracle Communications Instant Messaging Server, Oracle Communications Messaging Server, Oracle Communications MetaSolv Solution, Oracle Communications Pricing Design Center and then Oracle Communications BRM – Elastic Charging Engine

Affected Components: PSR Designer (Apache Commons Text), Cloud native deployment (Apache Commons Configuration), Security (Apache Commons Text), Installer (Apache Commons Text), Core (Apache Commons Text), Message Bus (Apache Log4j, Spring Security), User Interface (PHP), REST API (Spring Security), Rulesets (XStream), Admin Configuration, User Interface (Node.js), Core (Perl DBI), Billing Care, BOC, DM Kafka, REST API (jackson-databind), REST Services Manager (SnakeYaml), Webservices Manager (Jettison), Calendar Server (jackson-databind), Contact Server (jackson-databind), Security (Apache Kafka), DBPlugin (Apache Tomcat), DBPlugin (jackson-databind), ISC (jackson-databind), IMAP (NSS), Utilities (Apache Batik), REST Service Manager (jackson-databind), Core (Go), Integration (Apache Tomcat), Message Bus (jackson-databind), Cloud Native (Traefik), Others (jackson-databind), Policy (Google Protobuf-Java), REST API (Google Gson), Security (Netty), Security (Spring Framework), Core (Helm), Signaling (SnakeYAML), TMF APIs (Spring Framework), ISC (Apache Tika), Customer, Config and then Pricing Manager

CVEs: CVE-2022-42889, CVE-2022-33980, CVE-2022-42889, CVE-2022-42889, CVE-2022-42889, CVE-2019-17571, CVE-2022-22978, CVE-2022-37454, CVE-2022-31692, CVE-2021-41411, CVE-2023-21848, CVE-2022-32212, CVE-2020-16156, CVE-2022-42003, CVE-2022-25857, CVE-2022-40150, CVE-2022-42003, CVE-2022-42003, CVE-2022-34917, CVE-2022-42252, CVE-2022-42003, CVE-2022-42003, CVE-2022-35737, CVE-2022-40146, CVE-2022-42003, CVE-2022-41720, CVE-2022-42252, CVE-2022-42003, CVE-2022-39271, CVE-2022-42003, CVE-2022-3171, CVE-2022-25647, CVE-2021-43797, CVE-2022-22971, CVE-2022-36055, CVE-2022-38752, CVE-2022-22971, CVE-2022-30126, CVE-2023-21824

This Oracle January 2023 security update also includes third-party patches for the following non-exploitable CVEs:

Oracle Communications Products

Products: Oracle Communications Cloud Native Core Unified Data Repository, Management Cloud Engine, Oracle Communications Cloud Native Core Automated Test Suite, Oracle Communications Cloud Native Core Console, Oracle Communications Cloud Native Core Network Exposure Function, Oracle Communications Cloud Native Core Network Function Cloud Native Environment, Oracle Communications Cloud Native Core Network Repository Function, Oracle Communications Cloud Native Core Policy, Oracle Communications Cloud Native Core Security Edge Protection Proxy, Oracle Communications Converged Application Server, Oracle Communications Diameter Signaling Router, Oracle Communications Cloud Native Core Network Slice Selection Function, Oracle Communications Cloud Native Core Binding Support Function, Oracle Communications Cloud Native Core Network Data Analytics Function, Oracle Communications Diameter Intelligence Hub, Oracle Communications and then Performance Intelligence Center (PIC) Software

Affected Components: Signaling (Jenkins Script),Security (Apache Commons Text), ATS Framework (systemd-libs), Install (FreeType), Install/Upgrade (LibExpat), Install (cURL), Install (zlib), Studio (Spring Data Commons), Configuration (Spring Security), Platform (Spring Security), Oracle Linux 8 (FreeType), Installation (Spring Security crypto), Policy (Spring Security), Configuration (Spring Security), Configuration (zlib), Signaling (Apache Commons Text), Core, Virtual Network Function Manager (Apache Common Text), Platform (zlib), Install (Cyrus SASL), Policy (MySQL), Policy (MySQL), Platform (Multiple), Oracle Linux (e2fsprogs), Oracle Linux (libxml2), Installation and Configuration (e2fsprogs), Platform (Kernel), Security (jackson-databind), Signaling (SnakeYAML), Signaling (Undertow), Configuration (Google Protobuf-Java), Configuration (Netty), Configuration (Quarkus), Configuration (jackson-databind), Configuration (undertow-core), Configuration (xnio-api), REST API (jackson-databind), Platform (Google Protobuf-Java), Platform (jackson-databind), Oracle Linux 8 (dnsmasq), Installation (Google Protobuf-Java), Installation (Undertow), Installation (jackson-databind), Platform (Google Protobuf-Java), Platform (jackson-databind), Configuration (jackson-databind), Signaling (Google Protobuf-Java), Signaling (Google Protobuf-Java), Signaling (WebKitGTK), Signaling (jackson-databind), Mediation (jackson-databind), Platform (Apache Tomcat), Management (Google Gson), Virtual Network Function Manager (Kernel), ATS Framework (SnakeYAML), Install (Spring Framework), Install (libxml2), Installation (SnakeYAML), Backend Server (Apache Tomcat), Install (Libgcrypt), Install (Netty) and then Signaling (Spring Framework)

Critical CVEs:

CVEs: CVE-2022-43403, CVE-2022-42889, CVE-2022-2526, CVE-2022-27404, CVE-2022-25315, CVE-2022-42915, CVE-2022-37434, CVE-2018-1273, CVE-2022-31692, CVE-2022-31692, CVE-2022-27404, CVE-2022-31692, CVE-2022-31692, CVE-2022-31692, CVE-2022-37434, CVE-2022-42889, CVE-2023-21890, CVE-2022-42889, CVE-2022-37434, CVE-2022-24407, CVE-2022-21824, CVE-2022-21824, CVE-2022-24903, CVE-2022-1304,CVE-2022-40304, CVE-2022-1304, CVE-2022-0492, CVE-2022-42003, CVE-2022-25647, CVE-2022-25647, CVE-2022-31129, CVE-2020-10735, CVE-2022-42252, CVE-2022-3171, CVE-2022-2509, CVE-2022-2048, CVE-2022-25857, CVE-2022-2053, CVE-2022-3171, CVE-2022-41881, CVE-2022-4147, CVE-2022-42003, CVE-2022-2053, CVE-2022-0084, CVE-2022-42003, CVE-2022-3171, CVE-2022-42003, CVE-2022-0934, CVE-2022-3171, CVE-2022-1319, CVE-2022-42003, CVE-2022-3171, CVE-2022-42003, CVE-2022-42252, CVE-2022-2048, CVE-2022-3510, CVE-2022-2053, CVE-2022-42003, CVE-2022-3171, CVE-2022-3171, CVE-2022-30293, CVE-2022-42003, CVE-2022-42003, CVE-2022-42252, CVE-2022-25647, CVE-2022-3028, CVE-2022-38752, CVE-2022-22971, CVE-2022-29824, CVE-2022-38752, CVE-2022-38752, CVE-2022-38752, CVE-2022-22971, CVE-2022-31629, CVE-2022-38752, CVE-2022-34305,CVE-2021-40528, CVE-2022-24823, CVE-2022-22970

This Oracle January 2023 security update also includes third-party patches for the following non-exploitable CVEs:

  • Oracle Communications Cloud Native Core Binding Support Function
  • Oracle Communications Cloud Native Core Console
  • Oracle SD-WAN Aware

Oracle security update Construction and Engineering

Products: Primavera Gateway, Primavera Unifier
Affected Components: Admin (Apache Commons Text), Admin (Google Protobuf-Java), Admin (Jackson-databind), Event Streams and Communications (Apache Kafka), Document Management (Jackson-databind), WebUI, User Interface (UnderscoreJS)
CVEs: CVE-2022-42889, CVE-2022-3171, CVE-2022-42003, CVE-2022-34917, CVE-2022-42003, CVE-2023-21888, CVE-2021-23358

Oracle E-Business Suite

Products: Oracle Applications DBA, Oracle Collaborative Planning, Oracle HCM Common Architecture, Oracle iSetup, Oracle Learning Management, Oracle Marketing, Oracle Mobile Field Service, Oracle Sales for Handhelds, Oracle Sales Offline, Oracle Web Applications Desktop Integrator, Oracle iSupplier Portal and then Oracle Self-Service Human Resources
Affected Components: Java utils, Installation, Automated Test Suite, General Ledger Update Transform, Reports, Setup, Marketing Administration, Synchronization, Pocket Outlook Sync(PocketPC), Core Components, Download, Supplier Management, Workflow, Approval and then Work Force Management
CVEs: CVE-2023-21849, CVE-2023-21858, CVE-2023-21857, CVE-2023-21856, CVE-2023-21852, CVE-2023-21851, CVE-2023-21853, CVE-2023-21855, CVE-2023-21854, CVE-2023-21847, CVE-2023-21825, CVE-2023-21834

Oracle Financial Services Applications

Products: Oracle Banking Enterprise Default Management, Oracle Banking Party Management, Oracle Financial Services Crime, and Compliance Management Studio, Oracle Banking Loans Servicing and then Oracle Banking Platform
Affected Components: Collections (Apache Commons Configuration), Web UI (Apache Commons Configuration), Studio (Apache Commons Configuration), Collections (Jackson-databind), Web UI (Jackson-databind), Security (Jackson-databind), Studio (Apache Tomcat), Studio (Eclipse Jetty), Studio (Google Protobuf-Java), Studio (Jackson-databind), Collections (SnakeYAML), Web UI (SnakeYAML), Studio (jsoup), Collections (Netty) and then Web UI (Netty)
CVEs: CVE-2022-33980, CVE-2022-33980, CVE-2022-33980, CVE-2022-42003, CVE-2022-42003, CVE-2022-42003, CVE-2022-42003, CVE-2022-42252, CVE-2022-2048, CVE-2022-3171, CVE-2022-42003, CVE-2022-38752, CVE-2022-38752, CVE-2022-36033, CVE-2022-24823, CVE-2022-24823

Oracle MySQL

Products: MySQL Enterprise Monitor, MySQL Server, MySQL Workbench, MySQL Shell, MySQL Connectors, MySQL Cluster

Affected Components: Monitoring: General (Spring Security), Server: Packaging (cURL), Workbench (Zlib), Shell: Core Client (cryptography), Connector/C++ (Cyrus SASL), Connector/ODBC (Cyrus SASL), Workbench (libxml2), Connector/Net (Google Protobuf-Java), Connector/Python (Python), Monitoring: General (Apache Tomcat), Shell: Core Client (Python), Monitoring: General (Spring Framework), Server: Optimizer, Cluster: Internal Operations, Server: Security: Encryption, InnoDB, Server: DML, Server: GIS, Server: PS and then Server: Thread Pooling
CVEs: CVE-2022-31692, CVE-2022-32221, CVE-2022-37434, CVE-2020-36242, CVE-2022-24407, CVE-2022-24407, CVE-2022-40304, CVE-2022-3171, CVE-2022-1941, CVE-2022-42252, CVE-2020-10735, CVE-2022-22971, CVE-2023-21868, CVE-2023-21860, CVE-2023-21875, CVE-2023-21869, CVE-2023-21877, CVE-2023-21880, CVE-2023-21872, CVE-2023-21871, CVE-2023-21836, CVE-2023-21887, CVE-2023-21863, CVE-2023-21864, CVE-2023-21865, CVE-2023-21866, CVE-2023-21867, CVE-2023-21870, CVE-2023-21873, CVE-2023-21876, CVE-2023-21878, CVE-2023-21879, CVE-2023-21881, CVE-2023-21883, CVE-2023-21840, CVE-2023-21882, CVE-2023-21874

Since CVE-2020-36242 is a cryptographic weakness that affects a module distributed by MySQL Shell and is not a functional dependent of MySQL Shell, and cannot be exploited in the shell.

Since CVE-2020-10735 is a bug in Python, distributed by MySQL Shell, and the vulnerable Python module is not a functional dependency of MySQL Shell, it is not exploitable in MySQL Shell.

Oracle Fusion Middleware

Products: Middleware Common Libraries and Tools, Oracle Business Intelligence Enterprise Edition, Oracle Coherence, Oracle Global Lifecycle Management NextGen OUI Framework, Oracle HTTP Server, Oracle Middleware Common Libraries and Tools, Oracle Outside In Technology, Oracle WebCenter Content, Oracle WebCenter Sites, Oracle WebLogic Server, Oracle BI Publisher, Oracle Web Services Manager, Oracle Fusion Middleware MapViewer and then Oracle Access Manager

Affected Components: RDA – Remote Diagnostic Agent (Apache Mina SSHD), Analytics Server (Apache Commons Text), Core (Apache Log4j), End-User Documentation (Apache Mina SSHD), NextGen Installer issues (Apache Mina SSHD), Centralized Third-party Jars (Expat), SSL Module (Apache HTTP Server), SSL Module (OpenSSL), Third-Party Patch (Apache Commons Text), DC-Specific Component (FreeType), DC-Specific Component (zlib), Content Server (Apache Commons Text), WebCenter Sites (Apache Shiro), Centralized Third-Party Jars (jackson-databind), Centralized Third-party Jars (Apache Commons BCEL), Security, Third-Party Patch (Apache Batik), XML Security component, Third-Party Patch (Perl), Majel Mobile Service (Google Gson), Install (Apache Batik), Install (Google Protobuf-Java), NextGen Installer issues (jackson-databind), Centralized Third-party Jars (zlib), SSL Module (cURL), SSL Module (ModSecurity), Centralized Third-party Jars (Libexpat), Third-Party Patch (Enterprise Security API), Third-Party Patch (cURL), DC-Specific Component (LibExpat), Centralized Third-Party Jars (Jettison), Centralized Third-Party Jars (XStream), Samples (Google GSON), Web Container,Core, NextGen Installer issues, SSL Module (libxml2), DC-Specific Component (OpenJPEG), WebCenter Sites (Apache PDFBox), Visual Analyzer, Majel Mobile Service (Kotlin), Third-Party Patch (Apache HttpClient), Third-Party Patch (Hibernate Validator) and then Authentication Engine

CVEs: CVE-2022-45047, CVE-2022-42889, CVE-2022-23305, CVE-2022-45047, CVE-2022-45047, CVE-2022-25236, CVE-2022-31813, CVE-2022-2274, CVE-2022-42889, CVE-2022-27404, CVE-2022-37434, CVE-2022-42889, CVE-2022-40664, CVE-2018-7489, CVE-2022-42920, CVE-2023-21846, CVE-2023-21832, CVE-2020-11987, CVE-2023-21862, CVE-2021-36770, CVE-2022-25647, CVE-2022-40146, CVE-2022-3171, CVE-2022-42003, CVE-2018-25032, CVE-2022-27782, CVE-2021-42717, CVE-2022-43680, CVE-2022-23457, CVE-2021-36090, CVE-2022-43680, CVE-2022-40150, CVE-2022-40153, CVE-2022-25647, CVE-2023-21842, CVE-2023-21837, CVE-2023-21838, CVE-2023-21839, CVE-2023-21841, CVE-2023-21894, CVE-2022-29824, CVE-2022-1122, CVE-2021-31812, CVE-2023-21891,CVE-2023-21892,CVE-2023-21861, CVE-2022-24329, CVE-2020-13956, CVE-2020-10693, CVE-2023-21859

Oracle security updates affected applications:

Oracle Health Sciences Applications

Product: Oracle Health Sciences Empirica Signal
Affected Components: Core (Enterprise Security API), Core (Jackson-databind)
CVEs: CVE-2022-23457, CVE-2022-42003

Oracle Healthcare Applications

Products: Oracle Healthcare Data Repository, Oracle Healthcare Translational Research
Affected Components: FHIR Server (Spring Data Commons), Data Studio (H2 Database), FHIR Server (Spring Framework), Data Studio (Spring Framework)
CVEs: CVE-2018-1273, CVE-2022-23221, CVE-2022-22971

Oracle Hospitality Applications

Product: Oracle Hospitality Cruise Shipboard Property Management System
Affected Component: FMS Suite (DevExpress)
CVE: CVE-2021-36483

Oracle Hyperion

Product: Oracle Hyperion Infrastructure Technology
Affected Components: Installation and Configuration (Apache Commons Text), Installation and Configuration (Apache Struts)
CVEs: CVE-2022-42889, CVE-2021-31805

Oracle Insurance Applications

Product: Oracle Documaker
Affected Component: Development Tools (Apache Xerces-J)
CVE: CVE-2022-23437

Oracle Java SE

Products: Oracle GraalVM Enterprise Edition, Oracle Java SE
Affected Components: Node (Node.js), JSSE, Serialization, Sound
CVEs: CVE-2022-43548, CVE-2023-21835, CVE-2023-21830, CVE-2023-21843

This patch update also includes third-party patches for the following non-exploitable CVEs:

Oracle JD Edwards

Products: JD Edwards EnterpriseOne Orchestrator, JD Edwards EnterpriseOne Tools
Affected Components: E1 IOT Orchestrator Security (Apache Commons Text), Web Runtime SEC (Apache POI)
CVEs: CVE-2022-42889, CVE-2022-26336

Oracle Commerce

Product: Oracle Commerce Guided Search
Affected Components: Content Acquisition System (Spring Framework), Content Acquisition System (Jackson-databind)
CVEs: CVE-2022-22965, CVE-2020-36518

Oracle Enterprise Manager

Products: Enterprise Manager Base Platform, Enterprise Manager Ops Center
Affected Components: Management Agent (Apache Commons Text), Application Config Console (Google Gson), Update Provisioning (Apache HTTP Server)
CVEs: CVE-2022-42889, CVE-2022-25647, CVE-2022-31813

Oracle PeopleSoft

Products: PeopleSoft Enterprise CC Common Application Objects, PeopleSoft Enterprise PeopleTools, PeopleSoft Enterprise CS Academic Advisement
Affected Components: Chatbot Framework (JSON Schema), Elastic Search (JSON Schema), PeopleSoft CDA (Zlib), Cloud Manager (SnakeYAML), Elastic Search (Moment.js), Elastic Search (Jackson-databind), File Processing (cURL), Porting (Python), Security (Jettison), Elastic Search, Panel Processor and then Advising Notes
CVEs:CVE-2021-3918, CVE-2021-3918, CVE-2022-37434, CVE-2022-25857, CVE-2022-31129, CVE-2022-42003, CVE-2022-27782, CVE-2020-10735, CVE-2022-40149, CVE-2023-21844,CVE-2023-21845, CVE-2023-21831

Oracle Food and Beverage Applications

Products: Oracle Hospitality Reporting and Analytics, Oracle Hospitality Gift and Loyalty, Oracle Hospitality Labor Management, Oracle Hospitality Simphony
Affected Components: Reporting, Reporting (Apache Log4j), Engagement (jQuery UI)
CVEs: CVE-2021-2351, CVE-2023-21828, CVE-2023-21826, CVE-2021-44832, CVE-2021-44832, CVE-2021-44832, CVE-2021-41184

Oracle Retail Applications

Product: Oracle Retail Service Backbone
Affected Component: Installation (Jackson-databind)
CVE: CVE-2022-42003

Oracle Siebel CRM

Products: Siebel CRM, Siebel Apps – Marketing
Affected Components: Siebel Core – Server Infrastructure (OpenSSL), Marketing (Apache Log4j)
CVEs: CVE-2022-2274, CVE-2021-44832

Oracle Supply Chain

Products: Oracle AutoVue, Oracle Agile PLM, Oracle Demantra Demand Management
Affected Components: Security (OpenJPEG), Application Server (Apache Xalan-J), Security (Apache Tomcat), Security (NekoHTML), E-Business Collections, Security (Apache Log4j), Installation (Apache POI) and then Security (libpng)
CVEs: CVE-2020-27844, CVE-2022-34169, CVE-2022-42252, CVE-2022-24839, CVE-2023-21850, CVE-2021-44832, CVE-2019-12415, CVE-2019-7317

Oracle Support Tools

Product: OSS Support Tools
Affected Components: Diagnostic Assistant (Apache Mina SSHD), RDA – Remote Diagnostic Agent (Apache MINA SSHD), Services Tools Bundle (Apache Mina SSHD), Diagnostic Assistant (Apache Commons Net), RDA – Remote Diagnostic Agent (Apache Commons Net) and then Services Tools Bundle (Apache Commons Net)
CVEs: CVE-2022-45047, CVE-2021-37533

Oracle Systems

Products: Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers, Oracle Solaris
Affected Components: XCP Firmware (Glibc), NSSwitch
CVEs: CVE-2022-23219, CVE-2023-21900

Oracle Utilities Applications

Products: Oracle Utilities Framework, Oracle Utilities Network Management System
Affected Components: General (Apache Commons Text), Content Acquisition System (dom4j), General (Jackson-databind), Installation (Apache Ant), System-Wide (Netty), System-Wide (Apache Log4j) and then System-Wide (Apache Commons IO)
CVEs: CVE-2022-42889, CVE-2020-10683, CVE-2022-42003, CVE-2020-11979, CVE-2021-43797, CVE-2021-45105, CVE-2021-29425

This patch update also includes third-party patches for the following non-exploitable CVEs:

  • Oracle Utilities Network Management System

Oracle Virtualization

Product: Oracle VM VirtualBox
Affected Component: Core
CVEs: CVE-2023-21886, CVE-2023-21898, CVE-2023-21899, CVE-2023-21884, CVE-2023-21885, CVE-2023-21889

This patch update also includes third-party patches for the following non-exploitable CVEs:

However, SanerNow VM and SanerNow PM can detect and automatically fix these vulnerabilities by applying security updates. Therefore, use SanerNow and keep your systems secure and updated.

Share this article