Oracle has issued an out-of-band emergency security update to address five vulnerabilities, among which one is rated 10 out of 10 on the CVSSv3 bug severity scale, and a second was rated 9.9 out of 10.
These most recent issues affect the Jolt server protocol that's part of the Tuxedo (Transactions for Unix, Extended for Distributed Operations) component, the core of many of Oracle's middleware products.
JOLTandBLEED similar to Heartbleed... but for Oracle products
The five bugs came to light after prodding by cyber-security firm ERPScan. The company refers to them collectively under the name JOLTandBLEED because some of the bugs have the same consequences as the infamous Heartbleed vulnerability.
An attacker exploiting JOLTandBLEED can expose data that is being processed inside the memory of Tuxedo-based apps, leading to leaks of sensitive information over time.
Oracle and ERPScan say JOLTandBLEED has been confirmed to affect Oracle's PeopleSoft line of products, such as Campus Solutions, PeopleSoft Human Capital Management, PeopleSoft Financial Management, PeopleSoft Supply Chain Management, and others.