Home » IT Security: Linux, UNIX and Windows are underneath menace – IT safety alert replace on Oracle Fusion Middleware (vulnerability: essential)

IT Security: Linux, UNIX and Windows are underneath menace – IT safety alert replace on Oracle Fusion Middleware (vulnerability: essential)

by admin
IT Security: Linux, UNIX and Windows are underneath menace – IT safety alert replace on Oracle Fusion Middleware (vulnerability: essential)

A safety alert issued by Oracle Fusion Middleware has acquired an replace from BSI. You can learn how affected customers ought to behave right here.

Federal workplace for Security in Information Technology (BSI) revealed an replace on June 3, 2024 to a essential safety gap with a sure vulnerability in Oracle Fusion Middleware identified on April 18, 2017. The safety vulnerability impacts Linux, UNIX and Windows working techniques and merchandise of -Oracle Fusion Middleware and Oracle WebCenter Sites.

The newest producer suggestions for updates, workarounds and safety patches for this vulnerability might be discovered right here: CISA Catalog of Known Vulnerable Persons (As of June 3, 2024). Some helpful sources are listed later on this article.

Oracle Fusion Middleware Security Advisory – Critical Risk

Risk stage: 5 (essential)
CVSS Base Score: 9.8
CVSS provisional rating: 9.6
Remote management: Ja

The Common Vulnerability Scoring System (CVSS) is used to evaluate the vulnerability of laptop techniques. The CVSS commonplace makes it doable to check potential or precise safety dangers primarily based on varied standards to create a precedence listing for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, consumer interplay) and its outcomes. Temporal scores additionally consider adjustments over time within the danger state of affairs. The severity of the present vulnerability is classed as “essential” in accordance with the CVSS with a base rating of 9.8.

Oracle Fusion Middleware Bug: Impact of IT Attacks

Oracle Fusion Middleware consists of a number of merchandise for constructing, deploying and managing clever enterprise purposes.

See also  Capcom's Upcoming Action RPG "Dragon's Dogma 2" Reveals First Trailer – PlayStation.Blog

A distant, unknown attacker might exploit a number of vulnerabilities in Oracle Fusion Middleware, compromising integrity, confidentiality, and availability.

Vulnerabilities are recognized by CVE (Common Vulnerabilities and Exposures) serial numbers. CVE-2012-1007, CVE-2014-0114, CVE-2015-5351, CVE-2015-7501, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-1816-201 2016-1182 , CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2016-26302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308, CVE-2016-60526, CVE-2016-63529, CVE-2016-6308 2017-3230, CVE-2017-3499, CVE-2017-3506, CVE-2017-3507, CVE-2017-3531, CVE-2017-3540, CVE-2017-3541, CVE-542, CVE-542, CVE- 542 2017-3543, CVE-2017-3545, CVE-2017-3553, CVE-2017-3554, CVE-2017-3591, CVE-2017-3593, CVE-2017-3594, CVE-2017-3594, CVE-2017-3594 3596, CVE-2017-3597, CVE-2017-3598, CVE-2017-3601, CVE-2017-3602, CVE-2017-3603, CVE-2017-3625, CVE-2017-3562-3626 und on the market.

Systems affected by the safety hole at a look

Operating techniques
Linux, UNIX, Windows

Products
Oracle Fusion Middleware (cpe:/a:oracle:fusion_middleware)
Oracle WebCenter Sites (cpe:/a:oracle:webcenter_sites)

Common steps to handle IT safety gaps

  1. Users of affected techniques ought to keep up-to-date. When safety holes are identified, producers are required to repair them rapidly by creating a patch or workaround. If safety patches can be found, set up them instantly.
  2. For data, see the sources listed within the subsequent part. This typically comprises extra details about the newest model of the software program in query and the provision of safety patches or efficiency ideas.
  3. If you could have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to frequently test the required sources to see if a brand new safety replace is out there.

Manufacturer details about updates, patches and workarounds

Here you will see some hyperlinks with details about bug reviews, safety fixes and workarounds.

CISA catalog of identified vulnerabilities vom 2024-06-03 (03.06.2024)
For extra data, see:

See also  How Pegasus spy software threatens democracy in the world (Video)

Oracle Critical Patch Update Advisory – April 2017 – Oracle Fusion Middleware vom 2017-04-18 (18.04.2017)
For extra data, see:

Version historical past of this safety alert

This is model 4 of this IT safety discover for Oracle Fusion Middleware. This doc can be up to date as extra updates are introduced. You can see the adjustments made utilizing the model historical past under.

18.04.2017 – Original Release
19.04.2017 – n
April 18, 2017 – Version not out there
June 3, 2024 – Active exploit reported

+++ Editorial be aware: This doc is predicated on present BSI knowledge and can be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++

comply with News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you will see sizzling information, present movies and a direct line to the editorial workforce.

kns/roj/information.de

You may also like

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy