A critical bug in the Apache Commons Byte Code Engineering Library (BCEL), identified as CVE-2023-34462, has a significant impact on the company’s Communications Applications. This API bug was discovered in July 2022 and gives potential attackers control over the bytecode generated by the library. The bug also affects PeopleSoft, Communications, Insurance Applications, Retail Applications, Utilities Applications, and Fusion Middleware.
Oracle Communications also inherits a critical vulnerability in OpenSSH, specifically CVE-2023-38408, which was remedied by the project in September 2023. Additionally, Oracle Communications is affected by another vulnerability in PHP, CVE-2023-3824, which was patched in August. Another concerning issue is CVE-2022-36944, which is a deserialization bug in Scala.
Oracle Financial Services Applications receive fixes for three critical vulnerabilities. These include CVE-2023-22946 in Apache Spark, which is also addressed in Oracle Analytics. Additionally, there is CVE-2022-1471 in SnakeYaml, which impacts Retail Applications, Financial Services, and Banking. Lastly, there is CVE-2023-20873 in Spring Boot.
Among the eight fixes provided for the company’s Fusion Middleware, three critical vulnerabilities stand out in its core component. These are identified as CVE-2023-22069, CVE-2023-22072, and CVE-2023-22089, and all are described as “easily exploited” vulnerabilities that could enable an attacker to compromise the WebLogic server.
Oracle Analytics inherits two more vulnerabilities from the Apache project. These include CVE-2022-26612, which affects the Hadoop unTar function, and CVE-2022-33980, which involves the Apache Commons configuration utility.
Hyperion inherits yet another bug from Apache, specifically CVE-2023-25690, which is a web request smuggling vulnerability found in the project’s HTTP server.
Lastly, a Spring security bug, identified as CVE-2023-34034, makes an appearance in both MySQL and Communications.