It’s been a busy week at Oracle. The company has released a massive flurry of patches that fix a staggering 136 security issues across a wide range of the products it sells. This release comes in tandem with the decision to switch from version 2.0 to version 3.0 of the Common Vulnerability Scoring System (CVSS).
The change is significant because the more up-to-date CVSS version changes the way security issues are rated and, on balance, increases the severity level of known issues. In Oracle’s case in particular, the switch saw the number of security vulnerabilities rated 10.0 (the maximum) drop from five (CVSS 2.0) to zero (CVSS 3.0), but overall, the number of issues considered critical has increased from 9 to 17. Note that for the sake of completeness and transparency, the company is reporting all of its security issues using both the CVSS 2.0 and CVSS 3.0 values.
Oracle products that currently have vulnerabilities rated as high (a CVSS score ranging from 7.0 to 8.9) or critical (a score of 9.0 to 10.0) are as follows: Oracle Berkeley DB, Oracle MySQL, Oracle Virtualization, Oracle Sun Systems Products, Oracle Java SE, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite, Oracle Supply Chain Products Suite, Oracle PeopleSoft Products, Oracle Financial Services Software, Oracle Database Server, and Oracle Fusion Middleware. If you are currently using any of the above, you should update immediately.
If the blistering pace of change in the tech world leaves your head spinning, and you’re struggling to keep abreast of all the changes, but want to ensure your company, core systems, and data are all as secure as they can be, contact us today. A member of our team will be in touch to assess your IT Infrastructure, identify weaknesses in your system’s security, and help you shore up any weak spots we identify.