—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Oracle Products

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: High

Software Affected

Oracle MySQL

Java SE

Oracle Database Server

WebLogic Server

VirtualBox

For complete list of affected products refer to the oracle advisory:

https://www.oracle.com/security-alerts/cpuapr2026.html

Overview

Multiple vulnerabilities have been reported in various Oracle products which could be exploited by a remote attacker to execute arbitrary code, gain elevated privileges, cause denial-of-service conditions, access sensitive information, manipulate data, or bypass security controls on the targeted system.

Target Audience:

Organizations and IT administrators using Oracle Corporation products.

Risk Assessment:

Risk of remote code execution, system instability or sensitive information disclosure.

Impact Assessment:

Potential unauthorized access to sensitive information, denial of service, data manipulation, and complete takeover of control of the target system.

Description

Oracle products are used for several applications including enterprise-level data management, cloud solutions, software development, and business applications. They are employed across a wide range of sectors, including finance, healthcare, manufacturing, government, and retail, among others.

These vulnerabilities exist in various components of Oracle products due to improper input validation, insecure deserialization, access control weaknesses, and memory handling issues. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, gain elevated privileges, cause denial-of-service conditions, access sensitive information, manipulate data, or bypass security controls on the targeted system.

For complete list of affected products, CVEs, workarounds and solutions, refer to the oracle advisory:

https://www.oracle.com/security-alerts/cpuapr2026.html

Solution

Apply appropriate updates as mentioned in Oracle updates:  

https://www.oracle.com/security-alerts/cpujan2026.html

Vendor Information

Oracle

https://www.oracle.com/security-alerts/cpujan2026.html

References

 

https://www.oracle.com/security-alerts/cpujan2026.html

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmnqKE4ACgkQ3jCgcSdc

ys+5fg/+NYnG3m8Tkt1mdP8Dxyvkc8HfpmWc+IYsDUgDXB/HuCtJ4M/iHrCRohN4

hw2Yv/JV/2asMmrrNwbt8FyHakGjQJVuNOyGgAjPOoWHqEcQG1SpjoWaYs8DO0kS

Js64vM0nfZqX0onQjT+OseOnzefaNkMRnI3+A9uiV9Qkx9GJISil5jhr7MUvLPbP

mErnMIxBinXrJnejTTdILPnENqEy7a4HsEKWcG9SnYzdPN+U8GRGLNJEu3PrFqNQ

dKVIosz7Q0YrI0ohjiIkmte6GtKVu9PPS8TLkDiqb3ZOLma72cUrA4XjXQAy0XCj

qdF7pN86nKCbn/Kj4o+Wd8w+Yx+V7UbIq17qcoz+kC4Pn8Jy2ukghcseBk/WgWcI

Z52YiHtWwfTblqrSXfTWpAQut2msnh+7/s2Ly/+w5NN6Q1G6YRZ0ua1K1Q36RC9x

7eBFs7QF08mMfdfAgLQXu4iwRz47c78EuGowYsbikeXLbug6VVzSzItyxUgt74OL

kWUz2bV/YEaB9FH2F0d1AF43CuJBKfSFQCHeQmw2KM5XJs6MA2+truSyDoybayKQ

SUYIADQBqOxozOA1CMzwXgnlrXeoBQKNOCucXQ5ttjjc/qCDCmpHZy9BTPka2J75

knVgV5jVlgxTopadfhkoyirHv+TRifHiRkK+p35Wf0RkeRyyydU=

=eOfY

—–END PGP SIGNATURE—–