Oracle Publishes 520 New Security Patches with April 2022 CPU

21
Oracle Publishes 520 New Security Patches with April 2022 CPU

As part of its April 2022 Critical Patch Update (CPU), Oracle has released 520 security patches, including over 300 for vulnerabilities that may be abused remotely without authentication.

Seventy-five of the fixes address security flaws of “critical severity,” including three with a CVSS score of ten. The CVSS score for almost 40 of the remaining vulnerabilities is between 8 and 9. Several of the fixes included in this month’s CPU address CVE-2022-22965, a significant remote code execution (RCE) flaw in the Spring Framework (commonly known as Spring4Shell and SpringShell).

CVE-2022-22963, a serious RCE problem in the Spring Cloud Function, is also fixed by one of these patches. With 149 fixes, Oracle Communications received the most in this quarterly CPU.

Read More: https://www.securityweek.com/oracle-releases-520-new-security-patches-april-2022-cpu