Oracle has released a patch update addressing multiple vulnerabilities in its July 2022 Patch Tuesday edition. This patch update consists of 349 critical security patches in various Oracle product families.
The July 2022 Critical Patch Update contains 261 out of 349 security updates that address non-Oracle CVEs, or security flaws in third-party products (such open-source components) that are included in and exploitable in the context of their Oracle product distributions. Like the past Critical Patch Update releases, many high and critical vulnerabilities are represented by non-Oracle CVEs (182 of the 261 non-Oracle CVEs).
The advisory covers multiple Oracle product families, including Oracle Database Server, Oracle Big Data Graph, Oracle Virtualization, Oracle Supply Chain, Oracle Retail Applications, Oracle JD Edwards, Oracle MySQL, Oracle Java SE, Oracle Fusion Middleware, Oracle REST Data Services, Oracle E-Business Suite, Oracle Enterprise Manager, Oracle Financial Services Applications, and many more.
This edition contains critical security updates for multiple Oracle product families, including:
- One new security update for Oracle Essbase with a maximum reported CVSS Base Score of 5.8.
- Three new security updates for Oracle Big Data Graph with a maximum reported CVSS Base Score of 7.5.
- Four new security updates for Oracle GoldenGate with a maximum reported CVSS Base Score of 7.5.
- Two new security updates for Oracle REST Data Services with a maximum reported CVSS Base Score of 6.1.
- One new security update for Oracle Spatial Studio with a maximum reported CVSS Base Score of 6.5.
- Nine new security updates for Oracle Database Server with a maximum reported CVSS Base Score of 9.1.
- One of these updates applies to client-only deployments of the Oracle Database.
- One new security update for Oracle Global Lifecycle Management with a maximum reported CVSS Base Score of 4.2.
- One new security update for Oracle Graph Server and Client with a maximum reported CVSS Base Score of 6.5.
- One new security update for Oracle TimesTen In-Memory Database with a maximum reported CVSS Base Score of 8.3.
Some of the important vulnerabilities patched in the security update
- Oracle Coherence: CVE-2022-21570
- Oracle VM VirtualBox: CVE-2022-21571, CVE-2022-21554
- Oracle Java Standard Edition (SE): CVE-2022-34169, CVE-2022-21541, CVE-2022-21540, CVE-2022-21549
- Oracle Solaris 11.4 Support Repository: CVE-2022-21524, CVE-2022-21514, CVE-2022-21533, CVE-2022-21439
- Oracle HTTP Server: CVE-2019-10082, CVE-2020-1927, CVE-2021-35940, CVE-2019-0220, CVE-2020-1927, CVE-2021-35940
- Oracle Database 19c: CVE-2021-45943, CVE-2022-21432, CVE-2022-0839, CVE-2020-26185, CVE-2020-26184, CVE-2022-21565, CVE-2022-34169, CVE-2022-21541, CVE-2022-21540
- Oracle Database 184.108.40.206: CVE-2022-21511, CVE-2020-26185, CVE-2022-21432, CVE-2022-21510, CVE-2022-21565, CVE-2020-26184, CVE-2022-34169, CVE-2022-21541, CVE-2022-21540
- Oracle Database 21c: CVE-2021-45943, CVE-2022-21432, CVE-2020-26185, CVE-2020-26184, CVE-2022-21565, CVE-2022-34169, CVE-2022-21541, CVE-2022-21540, CVE-2020-26185, CVE-2020-26184
- Oracle WebLogic Server: CVE-2019-17566, CVE-2020-36518, CVE-2021-40690, CVE-2022-21548, CVE-2022-21557, CVE-2022-21560, CVE-2022-21564, CVE-2022-23457, CVE-2022-29577, CVE-2021-26291, CVE-2020-11987
- Oracle MySQL: CVE-2022-21455, CVE-2022-21556, CVE-2022-1292, CVE-2022-21515, CVE-2018-25032, CVE-2022-27778, CVE-2022-21509, CVE-2022-21517, CVE-2022-21522, CVE-2022-21525, CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21534, CVE-2022-21537, CVE-2022-21538, CVE-2022-21539, CVE-2022-21547, CVE-2022-21553, CVE-2022-21569
Visit the Oracle Critical Patch Update Advisory – July 2022 page to access the full description of each vulnerability and the systems that it affects.
Customers can scan their network with QIDs 87496, 376737, 376736, 376735, 376733, 296058, 20266, 20265, 20264, 20263, 20262 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage on the latest vulnerabilities.