Oracle has released its largest set of security fixes to patch 276 vulnerabilities in the firm's enterprise software. Nineteen of the fixes are rated 9.8 out of 10 for severity and will need the immediate attention of IT managers.
July's patches from Oracle outdo the company's previous record of 248 in January.
Enterprise software security company ERPScan said that most of the fixes relate to Oracle's Fusion Middleware and Oracle Sun Systems Products Suite, but 36 address vulnerabilities in industry-specific ERP systems.
These include 10 that can be exploited remotely without authentication, making them particularly dangerous, and 16 affecting the retail sector.
More than 40 per cent of the patches are intended to fix flaws in Oracle's various enterprise resource planning applications, including Oracle E-Business Suite, Oracle Fusion Middleware, Oracle PeopleSoft, Oracle Retail Applications, Oracle JD Edwards, Oracle Supply Chain Products and Oracle Database Server.
But the most critical problems, rated 9.8 out of 10 according to Oracle's own risk matrices, affect Oracle WebLogic Server, Oracle Directory Server (enterprise edition), Hyperion Financial Reporting, Oracle Health Sciences Clinical Development Centre and Oracle Secure Global Desktop.
ERPScan said in a security blog post that the WebLogic Server vulnerability is "easily exploitable", and enables an unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.
Similar attacks affect Directory Server, Oracle Health Sciences and the Hyperion Financial Reporting package.
The Oracle Secure Global Desktop, meanwhile, suffers from an "easily exploitable" vulnerability that allows an unauthenticated attacker with network access via SSL/TLS to compromise Oracle Secure Global Desktop.
"Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop," said ERPScan.
"It is highly recommended that organisations patch all these vulnerabilities to prevent business risks affecting their systems.
"Companies providing Oracle Security assessment and Oracle Penetration testing services should include these vulnerabilities in their check lists."