infosecnews:oracle2025patches
Differences
This shows you the differences between two versions of the page.
infosecnews:oracle2025patches [2025/01/27 06:25] – draft admin | infosecnews:oracle2025patches [2025/02/03 13:22] (current) – Oracle 2025 Security Patches admin | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | Oracle | + | **Oracle** Libera su actualizació de seguridad crítica para 2025 [[https:// |
- | The most severe of the flaws is a bug in the Oracle Agile Product Lifecycle Management | + | La vunlerabilidad más severa es un bug que afecta a su " |
- | "Easily exploitable vulnerability allows low privileged attackers with network access | + | "Una vulnerabilidad facilmente explortable permite a un atacante sin privilegios comprometer |
- | It's worth noting that Oracle warned of active exploitation attempts against another flaw in the same product (CVE-2024-21287, | + | Para más información sobre todas las vulnerabilidades que cubren este parche: https://www.oracle.com/ |
- | " | ||
- | Some of the other critical severity flaws, all rated 9.8 on the CVSS score, addressed by Oracle are as follows - | ||
- | |||
- | CVE-2025-21524 - A vulnerability in the Monitoring and Diagnostics SEC component of JD Edwards EnterpriseOne Tools | ||
- | CVE-2023-3961 - A vulnerability in the E1 Dev Platform Tech (Samba) component of JD Edwards EnterpriseOne Tools | ||
- | CVE-2024-23807 - A vulnerability in the Apache Xerces C++ XML parser component of Oracle Agile Engineering Data Management | ||
- | CVE-2023-46604 - A vulnerability in the Apache ActiveMQ component of the Oracle Communications Diameter Signaling Router | ||
- | CVE-2024-45492 - A vulnerability in the XML parser (libexpat) component of Oracle Communications Network Analytics Data Director, Financial Services Behavior Detection Platform, Financial Services Trade-Based Anti Money Laundering Enterprise Edition, and HTTP Server | ||
- | CVE-2024-56337 - A vulnerability in the Apache Tomcat server component of Oracle Communications Policy Management | ||
- | CVE-2025-21535 - A vulnerability in the Core component of Oracle WebLogic Server | ||
- | CVE-2016-1000027 - A vulnerability in the Spring Framework component of Oracle BI Publisher | ||
- | CVE-2023-29824 - A vulnerability in the Analytics Server (SciPy) component of Oracle Business Intelligence Enterprise Edition | ||
- | CVE-2025-21535 is also similar to CVE-2020-2883 (CVSS score: 9.8), another critical security vulnerability in Oracle WebLogic Server that could be exploited by an unauthenticated attacker with network access via IIOP or T3. | ||
- | |||
- | Earlier this month, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2020-2883 to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active in-the-wild exploitation. | ||
- | |||
- | Also addressed by Oracle is CVE-2024-37371 (CVSS score: 9.1), a critical Kerberos 5 flaw affecting its Communications Billing and Revenue Management that could permit an attacker to "cause invalid memory reads by sending message tokens with invalid length fields." | ||
- | |||
- | The software services provider has additionally released updates to Oracle Linux with 285 new security patches. Users are advised to apply the necessary fixes to keep their systems up-to-date and avoid potential security risks. |
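Review bot: The added quotation in the third changed row misstates the attacker precondition. The removed text reads "low privileged attackers with network access", while the replacement reads "un atacante sin privilegios", which describes an attacker with no privileges at all and drops the network-access condition; something like "un atacante con privilegios bajos y acceso a la red" would match the removed wording. The revision also deletes every per-CVE entry (the list of flaws rated 9.8, the CVE-2025-21535 WebLogic note with its comparison to CVE-2020-2883 and the CISA KEV listing, CVE-2024-37371, and the Oracle Linux figure of 285 patches) along with the warning about exploitation attempts against CVE-2024-21287, leaving only a link. A reader using this page to prioritise patching loses that detail, so consider keeping at least the product/CVE list and the KEV reference in the new text. The added lines also contain typos: "actualizació", "vunlerabilidad", "facilmente explortable".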
infosecnews/oracle2025patches.1737969909.txt.gz · Last modified: 2025/01/27 06:25 by admin