Oracle releases Security/Critical Patch Updates every quarter in January, April, July, and October for the full range of its offerings including Database, E-Business Suite, Fusion Middleware, and Java.
The product patches are typically cumulative in that the latest version of the CPU patch for each product contains all fixes released in previous patches as well as any new changes.
Any new security issue is giving a risk rating based on Oracle’s Common Vulnerability Scoring System (CVSS), with a range from 0 to 10. This rating is based on factors such as how easy the security flaw can be exploited and the impact that it would have on the system.
The latest security update (CPUApr2020) includes fixes for 399 new security problems since CPUJan2020, several which have a CVSS rating of 9.0 or higher including:
- CVE-2020-2961 for Enterprise Manager Base Platform (CVSS rating 9.8)
- CVE-2020-2950 and CVE-2016-1000031 for Oracle Business Intelligence Enterprise Edition (CVSS rating 9.8)
- CVE-2019-17571, CVE-2019-16943, CVE-2020-2801, CVE-2020-2883 and CVE-2020-2884 for Weblogic Server (CVSS rating 9.8)
It is best practice and Oracle strongly recommends that every Critical Patch Update is applied as soon as possible but this is particularly relevant when a product has a new security patch fix with high CVSS ratings
Kevin Behan, Managed Services Database Administrator (DBA) at Claremont, with over 20 years of experience in the world of Oracle.
Choosing the right Managed Services Provider
If you are looking for an Oracle partner who can help you with your Oracle Managed Services and goes about it the right way and can back up the talk, then contact us. If you would like to find out more about the E-Business Suite updates or have a question, you can email us at info@claremont.co.uk or phone us on +44 (0) 1483 549004