Oracle critical patch fixes 349 vulnerabilities across 135 oracle applications. Patch Now

A Critical Patch Update having  349 new security patches across different Oracle product families has been released. It is a collection of patches for multiple security vulnerabilities. These patches fix  vulnerabilities in Oracle code and in third-party components included. These patches are usually cumulative. The customers should review previous Critical Patch Update advisories for information regarding earlier published security patches.  After the April 2022 Critical Patch Update, Oracle has also released a Security Alert for Oracle E-Business Suite CVE-2022-21500 (May 19, 2022).

Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.

Financial Services Applications received the largest number of fixes in this month’s set of quarterly patches, at 59. Of these, 38 resolve vulnerabilities that can be exploited remotely, without authentication.

Oracle Communications was the second most impacted product, with 56 new security patches, including 45 for bugs exploitable remotely by unauthenticated attackers.

Fusion Middleware (38 security patches – 32 for vulnerabilities remotely exploitable, without authentication) and MySQL (34 – 10) continued to receive a large number of fixes, followed by Supply Chain (24 – 19), Communications Applications (17 – 12), Retail Applications (17 – 13), Commerce (12 – 10) and PeopleSoft (11 – 9).

Other Oracle products that received patches this month include Database Server, Construction and Engineering, Systems, E-Business Suite, Enterprise Manager, Health Sciences Applications, JD Edwards, Java SE, and GoldenGate.

Customers are strongly advised to apply the July 2022 Critical Patch Update for Oracle E-Business Suite, which includes patches for this Alert as well as additional patches.