
Oracle Fixes CVE-2017-3622, 298 Security Flaws in April 2017’s Advisory

Oracle has just issued a patch addressing a large number of vulnerabilities, 299 to be exact. This patch sets a new record, surpassing last year’s July patch of 276 flaws.

The company has addressed 39 MySQL and 39 Oracle Retail flaws, 47 Financial Services flaws, and 8 Java bugs. Of the 299 vulnerabilities, more than 100 are deemed remotely exploitable.

299 Security Patches Issued by Oracle in April 2017 Advisory

The software company has just released a security advisory documenting the 299 security flaws across most of its products, such as Oracle Database Server, Fusion Middleware, Enterprise Manager Base Platform, PeopleSoft Enterprise, and Java. However, most of the fixes are for Oracle Financial Services, Retail, Communications, and MySQL software. The flaws in these products could be exploited remotely via HTTP, which could lead to the complete hijacking of the vulnerable systems.


Oracle also fixed 25 instances of the infamous Apache Struts vulnerability, which could allow a remote attacker to take complete control of the server running Struts, as pointed out by Qualys. In addition, the Struts fix was applied to 19 instances of Oracle Financial Services Applications, together with WebCenter, WebLogic, Siebel, Oracle Communications, MySQL and Oracle Retail.

CVE-2017-3622 Also Fixed

CVE-2017-3622 is one of the flaws discovered in Solaris 10 and 11.3 via the Shadow Brokers dump. Not surprisingly, the patch is critical, and according to reports received by Oracle, the flaw has been successfully exploited in outdated software. IT admins should therefore patch vulnerable systems as soon as possible to avoid attacks.

The Java Fixes

As reported by Qualys, Java SE was patched with 8 security fixes, 7 of which could be exploited remotely without authentication. AWT, JCE and other Java networking components were also affected and could have been exploited via FTP, SMTP and a number of other protocols.


In conclusion, this has been another huge set of patches: Oracle has issued 299 security fixes covering all product families, addressing Apache Struts and patching an additional 162 flaws that could be exploited remotely.

Milena Dimitrova
