Rewterz Threat Advisory – Oracle Patches Critical Vulnerabilities

Severity

High

Analysis Summary

Oracle Database Server

This Critical Patch Update contains 13 new security patches for Oracle Database Products.  1 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 1 of these patches is applicable to client-only installations, i.e., installations that do not have the Oracle Database Server installed.

Oracle Big Data Graph

This Critical Patch Update contains 2 new security patches for Oracle Big Data Graph.  Both of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 

Oracle Essbase

This Critical Patch Update contains 9 new security patches for Oracle Essbase.  8 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 

Oracle Commerce

This Critical Patch Update contains 3 new security patches for Oracle Commerce.  None of these vulnerabilities may be remotely exploitable without authentication, i.e., none may be exploited over a network without requiring user credentials. 

Oracle Communications Applications

This Critical Patch Update contains 33 new security patches for Oracle Communications Applications.  22 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 

Oracle Construction and Engineering

This Critical Patch Update contains 10 new security patches for Oracle Construction and Engineering.  5 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

Oracle E-Business Suite

This Critical Patch Update contains 19 new security patches for Oracle E-Business Suite.  3 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 

Oracle Enterprise Manager

This Critical Patch Update contains 9 new security patches for Oracle Enterprise Manager.  All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.  None of these patches are applicable to client-only installations, i.e., installations that do not have Oracle Enterprise Manager installed.

Oracle Financial Services Applications

This Critical Patch Update contains 17 new security patches for Oracle Financial Services Applications.  12 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

Oracle Food and Beverage Applications

This Critical Patch Update contains 6 new security patches for Oracle Food and Beverage Applications.  None of these vulnerabilities may be remotely exploitable without authentication, i.e., none may be exploited over a network without requiring user credentials. 

Oracle Fusion Middleware

This Critical Patch Update contains 47 new security patches for Oracle Fusion Middleware.  34 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 

Oracle Hospitality Applications

This Critical Patch Update contains 1 new security patch for Oracle Hospitality Applications.  This vulnerability is not remotely exploitable without authentication, i.e., may not be exploited over a network without requiring user credentials.

Oracle Hyperion

This Critical Patch Update contains 6 new security patches for Oracle Hyperion.  4 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 

Oracle Insurance Applications

This Critical Patch Update contains 4 new security patches for Oracle Insurance Applications.  3 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 

Oracle Java SE

This Critical Patch Update contains 6 new security patches for Oracle Java SE.  5 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 

Oracle JD Edwards

This Critical Patch Update contains 9 new security patches for Oracle JD Edwards.  8 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 

Oracle MySQL

This Critical Patch Update contains 41 new security patches for Oracle MySQL.  10 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

Oracle PeopleSoft

This Critical Patch Update contains 14 new security patches for Oracle PeopleSoft.  8 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 

Oracle Policy Automation

This Critical Patch Update contains 1 new security patch for Oracle Policy Automation.  This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 

Oracle Siebel CRM

This Critical Patch Update contains 7 new security patches for Oracle Siebel CRM.  5 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

Oracle Supply Chain

This Critical Patch Update contains 5 new security patches for Oracle Supply Chain.  All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 

Oracle Support Tools

This Critical Patch Update contains 1 new security patch for Oracle Support Tools.  This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 

Oracle Systems

This Critical Patch Update contains 11 new security patches for Oracle Systems.  9 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

Oracle Virtualization

This Critical Patch Update contains 6 new security patches for Oracle Virtualization.  1 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

Impact

  • Unauthorized Access
  • Credential Theft

Affected Vendors

Oracle

Affected Products

  • Oracle Database Server
  • Big Data Spatial and Graph
  • Essbase Analytic Provider Services
  • Hyperion Essbase Administration Services
  • Oracle Commerce Guided Search / Oracle Commerce Experience Manager
  • Oracle Communications Billing and Revenue Management
  • Oracle Communications BRM – Elastic Charging Engine
  • Oracle Communications Design Studio
  • Oracle Communications Network Charging and Control
  • Instantis EnterpriseTrack
  • Primavera Gateway
  • Primavera Unifier
  • Oracle E-Business Suite
  • Oracle Banking Platform
  • Oracle Banking Treasury Management
  • Oracle Financial Services Crime and Compliance Investigation Hub
  • MICROS Compact Workstation 3
  • MICROS ES400 Series
  • Oracle Hospitality Reporting and Analytics
  • JD Edwards EnterpriseOne Orchestrator
  • Oracle GraalVM Enterprise Edition
  • Oracle Insurance Policy Administration J2EE
  • PeopleSoft Enterprise CS Campus Community
  • Siebel Applications
  • Oracle Agile Engineering Data Management
  • Oracle Solaris
  • Oracle ZFS Storage Appliance Kit

Remediation

Refer to Oracle Critical Patch Update Advisory – July 2021 for patches, upgrades, or suggested workaround information at

https://www.oracle.com/security-alerts/cpujul2021.html