Brook  Legros

Brook Legros

1631602800

Content Authoring and Collaboration in Oracle Content Management

In this video you will learn about: Content Authoring and Collaboration in Oracle Content Management
#oracle 

What is GEEK

Buddha Community

Content Authoring and Collaboration in Oracle Content Management
Justyn  Ortiz

Justyn Ortiz

1603465200

Oracle Kills 402 Bugs in Massive October Patch Update

Business software giant Oracle is urging customers to update their systems in the October release of its quarterly Critical Patch Update (CPU), which fixes 402 vulnerabilities across various product families.

Well over half (272) of these vulnerabilities open products up to remote exploitation without authentication. That means that the flaw may be exploited over a network without requiring user credentials.

The majority of the flaws are in Oracle Financial Services Applications (53), Oracle MySQL (53), Oracle Communications (52), Oracle Fusion Middleware (46), Oracle Retail Applications (28) and Oracle E-Business Suite (27). But overall, 27 Oracle product families are affected by the flaws. Users can find a patch availability document for each product, available here.

“Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches,” according to the company’s release on Tuesday. “In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.”

While details of the flaws themselves are scant, two of the critical vulnerabilities disclosed by Oracle rank the highest severity score – 10 out of 10 – on the CVSS scale.

These include a flaw in the self-service analytics component of Oracle Healthcare Foundation, which is a unified healthcare-analytics platform that is part of the Oracle Health Science Applications suite. The flaw (CVE-2020-1953), which can be remotely exploited without requiring any user credentials, requires no user interaction and is easy to exploit, according to Oracle. Affected supported versions include 7.1.1, 7.2.0, 7.2.1 and 7.3.0.

The second severe flaw (CVE-2020-14871) exists in the pluggable authentication module of Oracle Solaris, its enterprise operating system for Oracle Database and Java applications (part of the Oracle Systems risk matrix). The flaw is also remotely exploitable without user credentials, requires no user interaction and is a “low-complexity” attack. Versions 10 and 11 are affected.

Sixty-five of the vulnerabilities also had a CVSS base score of 9.8 (and six had a score of 9.4) out of 10, making them critical in severity.

Oracle did offer some workarounds, advising that for attacks that require certain privileges or access to certain packages, removing the privileges or the ability to access the packages from users that do not need the privileges may help reduce the risk of successful attack. Users can also reduce the risk of successful attack by blocking network protocols required by an attack.

However, both these approaches may break application functionality, and Oracle does not recommend that either approach be considered a long-term solution as neither corrects the underlying problem.

“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update security patches as soon as possible,” according to the company.

Oracle releases its CPUs on the Tuesday closest to the 17th day of January, April, July and October.

Previous quarterly updates have stomped out hundreds of bugs across the company’s product lines, including one in April that patched 405. There are also out-of-band updates; in June for instance, Oracle warned of a critical remote code-execution flaw in its WebLogic Server being actively exploited in the wild.

#vulnerabilities #web security #cpu #critical patch update #cve-2020-14871 #cve-2020-1953 #oracle #oracle communications #oracle e-business suite #oracle financial services applications #oracle fusion middleware #oracle mysql #oracle retail applications #quarterly patch update #remote code execution #security update

Brook  Legros

Brook Legros

1626755860

Using Conversations in Oracle Content Management

Learn how to use conversations in Oracle Content Management.

#oracle content management #oracle

Brook  Legros

Brook Legros

1626766680

Syncing Files to Your Desktop with Oracle Content Management

This short video details how to sync files between your local desktop computer and Oracle Content Management.

Oracle Content Management. Simple. Secure. Everywhere.


21.6.1

=======================
To improve the video quality, click the gear icon and set the Quality to
1080p/720p HD.

#oracle content management #oracle

Brook  Legros

Brook Legros

1626770400

Getting Started with Oracle Content Management as an Administrator

Learn how to get started with Oracle Content Management as an administrator.

#oracle content management #oracle

Brook  Legros

Brook Legros

1626755809

Sharing Files and Folders in Oracle Content Management

Learn how to share files and folders in Oracle Content Management.

#oracle content management #oracle