Oracle is preparing to patch 37 security vulnerabilities next Tuesday as part of its quarterly patch release cycle.
The updates span all of Oracle's enterprise applications, ranging from its database software to the Oracle, JD Edwards, Peoplesoft and Siebel enterprise applications. Seven of the vulnerabilities can be remotely exploited by an attacker without the need for a username or password.
The severity of the vulnerabilities ranges from a Common Vulnerability Scoring System (CVSS) score of 1.4, or very minor, to 7.0, the system's highest threat level.
Oracle's previous patch was issued in January and plugged 52 vulnerabilities. That update was the first to be preceded by an advance warning. The company expects that issuing advance warnings will give system administrators more time to prepare for the updates.
Oracle moved to a quarterly update system in 2004 in hopes that less-frequent patch releases would ease the burden on IT departments charged with installing and testing the updates.
The company came under fire late last year from security experts who claimed that avenues for attack in the Oracle software are plentiful and easy to find. Experts have also been critical of the way Oracle handles vulnerability disclosures and security fixes.
Kicking Palantir off of AWS is among their demands, too
Rafaela Vasquez was watching The Voice at the time of the crash, new evidence shows
PUBG price slashed on Steam after selling more than 50 million copies - as daily player numbers plunge
Use the same password for every website? It might be time to change them all