Oracle’s Critical Patch Update (CPU) for April 2018 contains 254 new security fixes, 153 of which address vulnerabilities in business-critical applications.
A total of 19 products received security updates in this CPU, including E-Business Suite, Fusion Middleware, Financial Services Applications, Java SE, MySQL, PeopleSoft, Retail Applications, and Sun Systems Products Suite. Nearly half of the bugs are remotely exploitable.
Forty-two of the security holes addressed this month were assessed with a Critical severity rating, with the most severe of them featuring a CVSS score of 9.8. Affected products include Fusion Middleware, Financial Services, PeopleSoft, EBS, and Retail Applications.
Fusion Middleware received 39 patches, the largest number an Oracle product received this month. Thirty of the vulnerabilities may be remotely exploitable without authentication, the software giant explains in its advisory.
Next in line comes Financial Services Applications, with 36 vulnerabilities patched (18 of which may be remotely exploitable without authentication), followed by MySQL at 33 flaws (2 remotely exploitable) and Retail Applications at 31 bugs (27 remotely exploitable).