infosecnews:oracle2025patches

Differences

infosecnews:oracle2025patches [2025/01/27 06:25] – draft admin
infosecnews:oracle2025patches [2025/02/03 13:22] (current) – Oracle 2025 Security Patches admin
Line 1: Line 1:
-Oracle is urging customers to apply its January 2025 Critical Patch Update (CPU) to address 318 new security vulnerabilities spanning its products and services.+**Oracle** Libera su actualizació de seguridad crítica para 2025 [[https://www.oracle.com/security-alerts/|"January 2025 Critical Patch Update (CPU)"]] para corregir 318 vulnerabilidades que afectan a varios de su productos.
  
-The most severe of the flaws is a bug in the Oracle Agile Product Lifecycle Management (PLM) Framework (CVE-2025-21556, CVSS score: 9.9) that could allow an attacker to seize control of susceptible instances.+La vunlerabilidad más severa es un bug que afecta a su "PLM" (Oracle Agile Product Lifecycle Management Framework): **CVE-2025-21556, CVSS score: 9.9** Que podría permitir a un atacante tomar control de instancias susceptibles.
  
-"Easily exploitable vulnerability allows low privileged attackers with network access via HTTP to compromise Oracle Agile PLM Framework,according to description of the security hole in the NIST National Vulnerability Database (NVD).+"Una vulnerabilidad facilmente explortable permite a un atacante sin privilegios comprometer via HTTP el **Oracle Agile PLM Framework**de acuerdo la descripción que encontramos en la NVD de NIST (National Vulnerability Database NVD).
  
-It's worth noting that Oracle warned of active exploitation attempts against another flaw in the same product (CVE-2024-21287, CVSS score7.5) in November 2024Both vulnerabilities affect Oracle Agile PLM Framework version 9.3.6.+Para más información sobre todas las vulnerabilidades que cubren este parchehttps://www.oracle.com/security-alerts/cpujan2025.html
  
-"Customers are strongly advised to apply the January 2025 Critical Patch Update for Oracle Agile PLM Framework as it includes patches for [CVE-2024-21287] as well as additional patches," Eric Maurice, vice president of Security Assurance at Oracle, said. 
  
-Some of the other critical severity flaws, all rated 9.8 on the CVSS score, addressed by Oracle are as follows - 
- 
-CVE-2025-21524 - A vulnerability in the Monitoring and Diagnostics SEC component of JD Edwards EnterpriseOne Tools 
-CVE-2023-3961 - A vulnerability in the E1 Dev Platform Tech (Samba) component of JD Edwards EnterpriseOne Tools 
-CVE-2024-23807 - A vulnerability in the Apache Xerces C++ XML parser component of Oracle Agile Engineering Data Management 
-CVE-2023-46604 - A vulnerability in the Apache ActiveMQ component of the Oracle Communications Diameter Signaling Router 
-CVE-2024-45492 - A vulnerability in the XML parser (libexpat) component of Oracle Communications Network Analytics Data Director, Financial Services Behavior Detection Platform, Financial Services Trade-Based Anti Money Laundering Enterprise Edition, and HTTP Server 
-CVE-2024-56337 - A vulnerability in the Apache Tomcat server component of Oracle Communications Policy Management 
-CVE-2025-21535 - A vulnerability in the Core component of Oracle WebLogic Server 
-CVE-2016-1000027 - A vulnerability in the Spring Framework component of Oracle BI Publisher 
-CVE-2023-29824 - A vulnerability in the Analytics Server (SciPy) component of Oracle Business Intelligence Enterprise Edition 
-CVE-2025-21535 is also similar to CVE-2020-2883 (CVSS score: 9.8), another critical security vulnerability in Oracle WebLogic Server that could be exploited by an unauthenticated attacker with network access via IIOP or T3. 
- 
-Earlier this month, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2020-2883 to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active in-the-wild exploitation. 
- 
-Also addressed by Oracle is CVE-2024-37371 (CVSS score: 9.1), a critical Kerberos 5 flaw affecting its Communications Billing and Revenue Management that could permit an attacker to "cause invalid memory reads by sending message tokens with invalid length fields." 
- 
-The software services provider has additionally released updates to Oracle Linux with 285 new security patches. Users are advised to apply the necessary fixes to keep their systems up-to-date and avoid potential security risks. 
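Review bot: the current revision drops most of the actionable content of the old one; the replacement at the fourth changed line keeps only a link to https://www.oracle.com/security-alerts/cpujan2025.html, while the deleted lines below it carried the November 2024 warning that CVE-2024-21287 (CVSS 7.5) in the same Oracle Agile PLM Framework 9.3.6 was seeing active exploitation attempts, Oracle's advice that the January 2025 CPU includes the patch for it, the list of CVSS 9.8 flaws (CVE-2025-21524, CVE-2023-3961, CVE-2024-23807, CVE-2023-46604, CVE-2024-45492, CVE-2024-56337, CVE-2025-21535, CVE-2016-1000027, CVE-2023-29824), the CISA KEV listing of the WebLogic flaw CVE-2020-2883 (unauthenticated, via IIOP or T3) to which CVE-2025-21535 is compared, the Kerberos 5 flaw CVE-2024-37371 (CVSS 9.1) in Communications Billing and Revenue Management, and the 285 Oracle Linux patches. Suggest carrying those paragraphs over in Spanish rather than deleting them, since the CVE identifiers and affected versions are what a reader needs in order to act. The translated NVD quote in the third changed line also changes the meaning: "low privileged attackers with network access via HTTP" became "un atacante sin privilegios", which reads as unauthenticated; "un atacante con privilegios bajos y acceso de red vía HTTP" preserves the original. Spelling in the new lines: "actualizació" should be "actualización", "vunlerabilidad" should be "vulnerabilidad", "explortable" should be "explotable", and "su productos" should be "sus productos".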
infosecnews/oracle2025patches.1737969909.txt.gz · Last modified: 2025/01/27 06:25 by admin