Oracle's Critical Patch Update April 2022: Here’s what you need to do

Harriet Lewis 20-Apr-2022 13:54:15

Oracle releases a Critical Patch Update once every quarter with a collection of patches for various security vulnerabilities for both code and third-party components which are part of Oracle products.

Oracle has recently released its latest Critical Patch Update with a list of 520 vulnerabilities across a range of Oracle products. 

What should I do?

We’ve listed below the products affected and the number of identified vulnerabilities for them. If you use any of these products, it’s essential you take action to address the potential vulnerabilities in your estate. But don’t worry, we are here to help. Organisations often approach us at this time to make use of our Oracle Consultancy services and help them get on top of their patches. So, if this is an area of concern for you, please do get in touch.

List of identified products and vulnerabilities

  • Oracle Database Products: 29
  • Oracle E-Business Suite Products: 5
  • Oracle Enterprise Manage Products: 10
  • Oracle Fusion Middleware Products: 54
  • Oracle Hyperion Products: 12
  • Oracle Java SE Products: 7
  • Oracle JD Edwards: 8
  • Oracle MySQL: 43
  • Oracle PeopleSoft: 14
  • Oracle Support Tools: 3
  • Oracle Systems Products: 20
  • Oracle Taleo: 1
  • Oracle Virtualization Products: 6

List of verticalized products and vulnerabilities

  • Oracle Utilities Framework: 1
  • Oracle Retail Products: 30
  • Oracle Supply Chain Products: 11
  • Oracle iLearning: 1
  • Oracle Insurance Applications Products: 7
  • Oracle Health Sciences Applications Products: 3
  • Oracle Healthcare Applications Products: 10
  • Oracle Hospitality Applications Products: 6
  • Oracle Financial Services Applications Products: 41
  • Oracle Construction and Engineering Products: 3
  • Oracle Commerce Products: 7
  • Oracle Communications Applications Products: 39
  • Oracle Communications Products: 149

Some of these vulnerabilities are particularly problematic because they can be remotely exploitable without authentication (over a network without requiring user credentials to access), so it's important to prioritise these patches.

Seeing a long list of vulnerabilities can be worrying, but as long as you stay up to date with your patching, your hardware and applications will remain secure. Please do get in touch if you would like any support or advice on patching or securing your estate in general.