Oracle To Address 320 Vulnerabilities in January Patch Update

Software giant Oracle is expected to release patches for 320 new security vulnerabilities affecting over 90 products and services across 27 categories.

These categories include Oracle’s Communications applications and executives, Construction and Engineering appliances, middleware and servers, and products and services that are part of the Oracle E-Business Suite.

According to a pre-release announcement, the vulnerabilities concerned range from low severity, with some being assigned CVSS scores between 4 and 6, to critical severity.

The most critical flaws, with a CVSS score of 9.9, affect the Oracle Supply Chain product range, namely Oracle Agile Engineering Data Management version 6.2.1 and Oracle Agile PLM Framework version 9.3.6.

At least five other vulnerabilities have been allocated a 9.8 CVSS score, suggesting high severity.

The finalized January 2025 Critical Patch Update is scheduled for release on January 21.

“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update patches as soon as possible,” the pre-release announcement said.

Earlier in January, the US Cybersecurity and Infrastructure Security Agency (CISA) added an older vulnerability in Oracle WebLogic Server (CVE-2020-2883) to its Known Exploited Vulnerabilities (KEV) catalog, showing that five-year-old Oracle flaws are still left unpatched on some networks.

Photo credits: JHVEPhoto/Danille Nicole Wilson/Shutterstock
