Over 50% of Oracle’s flaws in its quarterly patch update can get remotely exploitable without authentication; both have CVSS scores of 10 out of 10. Oracle, the business software giant, urges customers to promptly update their systems in the October release of the quarterly Critical Patch Update (CPU), which effectively fixes 402 vulnerabilities across all product families.
Well, over half (272) of such vulnerabilities open products up to remote exploitation with no authentication. This means that the flaw may be exploited over a network without needing user credentials.
While details of such flaws themselves are scant, two of the crucial vulnerabilities disclosed by Oracle rank the greatest severity score – 10 out of 10 – on the CVSS scale.