Oracle has released its largest set of security fixes to patch 276 vulnerabilities in the firm's enterprise software. Nineteen of the fixes are rated 9.8 out of 10 for severity and will need the immediate attention of IT managers.
July's patches from Oracle outdo the company's previous record of 248 in January.
Enterprise software security company ERPScan said that most of the fixes relate to Oracle's Fusion Middleware and Oracle Sun Systems Products Suite, but 36 address vulnerabilities in industry-specific ERP systems.
These include 10 that can be exploited remotely without authentication, making them particularly dangerous, and 16 affecting the retail sector.
More than 40 per cent of the patches are intended to fix flaws in Oracle's various enterprise resource planning applications, including Oracle E-Business Suite, Oracle Fusion Middleware, Oracle PeopleSoft, Oracle Retail Applications, Oracle JD Edwards, Oracle Supply Chain Products and Oracle Database Server.
But the most critical problems, rated 9.8 out of 10 according to Oracle's own risk matrices, affect Oracle WebLogic Server, Oracle Directory Server (enterprise edition), Hyperion Financial Reporting, Oracle Health Sciences Clinical Development Centre and Oracle Secure Global Desktop.
ERPScan said in a security blog post that the WebLogic Server vulnerability is "easily exploitable", and enables an unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.
Similar attacks affect Directory Server, Oracle Health Sciences and the Hyperion Financial Reporting package.
The Oracle Secure Global Desktop, meanwhile, suffers from an "easily exploitable" vulnerability that allows an unauthenticated attacker with network access via SSL/TLS to compromise Oracle Secure Global Desktop.
"Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop," said ERPScan.
"It is highly recommended that organisations patch all these vulnerabilities to prevent business risks affecting their systems.
"Companies providing Oracle Security assessment and Oracle Penetration testing services should include these vulnerabilities in their check lists."