Oracle Critical Patch Update (January 2021)

Note: CVSS score 8.8 (for databases) and 9.8 (WebLogic servers).

The Critical Patch Update released by Oracle contains 329 new security patches that affect a variety of Oracle products.

The advisory for the patch update is linked below:

https://www.oracle.com/security-alerts/cpujan2021.html#AppendixDB 

Oracle continues to provide security patches so that users can avoid vulnerabilities and exploits. This blog post summarizes the advisory and the patch update's effect on products. The patch update affects WebLogic servers, databases, middleware, applications, supply chain products, and more.

The databases themselves receive major patches affecting components such as RDBMS Scheduler, RDBMS Sharding, and Advanced Networking Option. These components have a maximum CVSS base score of 8.8.

A detailed report of the database components and the risks posed to them can be found at the link below:

https://www.oracle.com/security-alerts/cpujan2021verbose.html#DB 

Another recent vulnerability has been found in Oracle's WebLogic servers. The following reports are relevant to the server:

https://nvd.nist.gov/vuln/detail/CVE-2020-14882 

https://www.exploit-db.com/exploits/49479 

The vulnerability affects the Console component in Oracle Fusion Middleware. The affected versions are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. A successful attack can result in takeover of the WebLogic server. The CVSS base score of this vulnerability is 9.8.
