Oracle has released its April 2023 Critical Patch Update.This Critical Patch Update contains 433 new security patches across the product families. For details, please visit the Oracle official website:
https://www.oracle.com/security-alerts/cpuapr2023.html
If you are an Oracle user, check your version and implement timely security hardening.
Severity: important
(Severity: low, moderate, important, and critical)
Among the vulnerabilities involved in this security update, there are a total of 266 high-risk vulnerabilities and 389 remotely exploitable vulnerabilities.
Vulnerabilities listed below are some of the important ones. For more information, refer to the official website of Oracle.
| CVE ID | Severity | Description | Affected Products |
| CVE-2023-21912 | important | Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | MySQL Server <=5.7.41MySQL Server <=8.0.30 |
| CVE-2023-21996 | important | Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. | Oracle WebLogic Server 12.2.1.3.0Oracle WebLogic Server 12.2.1.4.0 Oracle WebLogic Server 14.1.1.0.0 |
| CVE-2023-21964 | important | Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. | Oracle WebLogic Server 12.2.1.3.0 Oracle WebLogic Server 12.2.1.4.0 Oracle WebLogic Server 14.1.1.0.0 |
| CVE-2023-21931 | important | Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. | Oracle WebLogic Server 12.2.1.3.0 Oracle WebLogic Server 12.2.1.4.0 Oracle WebLogic Server 14.1.1.0.0 |
| CVE-2023-21979 | important | Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. | Oracle WebLogic Server 12.2.1.3.0 Oracle WebLogic Server 12.2.1.4.0 Oracle WebLogic Server 14.1.1.0.0 |
If your service version falls into the affected range, upgrade the critical patch to reduce attack risks. For details, see the official announcement.
https://www.oracle.com/security-alerts/cpuapr2023.html
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.
Get more professional support at any time
Contact Us
