ORACLE JANUARY 2021 CRITICAL PATCH UPDATE

The latest Critical Patch Updates from Oracle have been released, this includes patches to Database, Java (JDK), JD Edwards and Weblogic.

The fixes for JD Edwards are included in Tools 9.2.5.1. This tools release is not compatible with JDE Applications 9.1.

In line with Oracle recommendations Ndevr recommends that these updates are applied as soon as possible.

Details for each component are listed below.

The following information has been extracted from Oracle.com and all information is available in full at https://www.oracle.com/security-alerts/cpujan2021.html

Oracle Java SE Risk Matrix

This Critical Patch Update contains 1 new security patch for Oracle Java SE. This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

Risk Matrix Definitions are available here: https://www.oracle.com/security-alerts/advisorymatrixglossary.html

Oracle JD Edwards Risk Matrix

This Critical Patch Update contains 5 new security patches for Oracle JD Edwards. All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

Risk Matrix Definitions are available here: https://www.oracle.com/security-alerts/advisorymatrixglossary.html

Oracle Fusion Middleware Risk Matrix

This Critical Patch Update contains 60 new security patches plus additional third party patches noted below for Oracle Fusion Middleware. 47 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

Oracle Database Server Risk Matrix

This Critical Patch Update contains 8 new security patches plus additional third party patches noted below for Oracle Database Products. 1 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. None of these patches are applicable to client-only installations, i.e., installations that do not have the Oracle Database Server installed.

LEARN MORE ABOUT ORACLE JD EDWARDS