Oracle fixes 265 vulnerabilities in July’s Critical Patch Update.
Background
On July 16, Oracle released its Critical Patch Update (CPU) for July 2019 as part of its quarterly release of fixes for vulnerabilities. This update contains fixes for 265 CVEs, according to the Oracle Advisory to CVE Map, across several Oracle products.
Analysis
Oracle’s July 2019 CPU contains 265 addressed CVEs across 25 products, and many of those vulnerabilities have a critical CVSS rating of 9.8. These critical vulnerabilities are unauthenticated remote code execution (RCE) vulnerabilities that could lead to full application takeover when exploited. Oracle's Risk Matrix page has full descriptions for all the patched vulnerabilities in this update.
This CPU also contains fixes for CVE-2019-2725 and CVE-2019-2729, which Tenable covered CVE-2019-2725 back in April and CVE-2019-2729 in June.
Solution
Customers are advised to apply all relevant patches provided by Oracle in this CPU. Please refer to the July 2019 advisory for full details.
Identifying affected systems
A list of Nessus plugins to identify these vulnerabilities will appear here as they’re released.
Get more information
- Oracle Critical Patch Update Advisory - July 2019
- Oracle Advisory to CVE Map
- July 2019 CPU Risk Matrix Page
Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface. Get a free 60-day trial of Tenable.io Vulnerability Management.