
Oracle fixes 497 vulnerabilities

This live blog contains information regarding the Oracle critical patch update from January 2022. As soon as we have an update, we’ll add it to this post. More information about possible risks and details can be found at the bottom of this blog.

Information about vulnerabilities

Update January 21, 2022

14:00 | On the 19th of January 2022, Oracle released its most recent quarterly patch update, fixing 497 new vulnerabilities. The most severe vulnerabilities reside in:

  • Oracle Enterprise Manager;
  • Oracle Financial Services Applications;
  • Oracle Fusion Middleware.

We advise checking Oracle's advisory to see whether your products are listed and applying the required patches as soon as possible.


Background

In total, Oracle fixed 497 vulnerabilities with the January update. The vulnerabilities are spread over approximately 41 products. Three products contain a vulnerability with a CVSS score of 9.8. The CVSS scale runs from 0 to 10; a score of 9.8 or higher is rare and implies a high likelihood of exploitation with a high impact. An overview of the most severe vulnerabilities with a CVSS score of 9.8, residing in Oracle Enterprise Manager, Oracle Financial Services Applications and Oracle Fusion Middleware, can be found below:

  • CVE-2021-3177 in the Oracle Enterprise Manager products is a remote code execution vulnerability that allows an unauthenticated remote attacker to execute code.
  • CVE-2019-17495 in Oracle Financial Services Applications allows an unauthenticated attacker to access or modify sensitive data remotely.
  • Oracle Fusion Middleware is vulnerable to CVE-2020-17530, CVE-2022-21306 and CVE-2021-35587, which allow an unauthenticated attacker with network access to execute code.

Risk

These vulnerabilities (CVE-2021-3177, CVE-2019-17495, CVE-2020-17530, CVE-2022-21306 and CVE-2021-35587) allow a remote unauthenticated attacker to perform code execution or to access and modify sensitive data.

Currently there is no evidence that these vulnerabilities are being exploited in the wild. However, the release of patches often enables attackers to develop exploits. A public exploit for any of these vulnerabilities is expected.

Advice

Oracle has published an article that lists the affected products and versions. The advice is to check whether you are using these products and to install the available updates. The article can be found here: https://www.oracle.com/security-alerts/cpujan2022.html

It is recommended to install the patch if it is available for your product(s). When a patch is not available for a given vulnerability, the following general advice applies:

  • Apply a work-around, if provided by the supplier;
  • Restrict network access to the system until a patch is available.
