—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Oracle Products

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: High

Software Affected

Oracle Communications Unified Assurance

Oracle Database Server

Oracle E-Business Suite

Oracle Hospitality OPERA 5 Property Services

Oracle REST Data Services (ORDS)

For complete list of affected products and versions refer to the Oracle advisory:

https://www.oracle.com/security-alerts/cspumay2026.html

Overview

Multiple vulnerabilities have been reported in various Oracle products. Several of these vulnerabilities are remotely exploitable without authentication and may be exploited over a network without requiring valid user credentials. Successful exploitation of these vulnerabilities could allow attackers to compromise affected systems, resulting in unauthorized access, disclosure of sensitive information, modification of data, or disruption of services.

Target Audience:

Individuals, organizations, database administrators, system administrators, and users of the affected Oracle products.

Risk Assessment:

High risk due to the presence of multiple remotely exploitable vulnerabilities, including vulnerabilities that can be exploited without authentication and affect critical enterprise applications and services.

 

Impact Assessment:

Successful exploitation of these vulnerabilities could result in unauthorized access to sensitive information, compromise of data integrity, service disruption, and impact to the confidentiality, integrity, and availability of affected systems.

Description

Oracle products are widely used across enterprise environments for database management, business applications, communications services, hospitality solutions, and web-based data access services. These products are deployed across various sectors including government, finance, healthcare, telecommunications, manufacturing, and retail.

Oracle has released a Critical Security Patch Update (CSPU) addressing multiple security vulnerabilities across Oracle Communications Unified Assurance, Oracle Database Server, Oracle E-Business Suite, Oracle Hospitality OPERA 5 Property Services, and Oracle REST Data Services. Several of the vulnerabilities may be exploited remotely without authentication over a network. Successful exploitation could enable attackers to gain unauthorized access, disclose sensitive information, manipulate data, or adversely affect the availability and integrity of affected systems.

For complete list of affected products and versions refer to the Oracle advisory:

https://www.oracle.com/security-alerts/cspumay2026.html

Solution

Apply appropriate updates as mentioned as mentioned by the Vendor:  

https://www.oracle.com/security-alerts/cspumay2026.html

Vendor Information

Oracle

https://www.oracle.com/security-alerts/

References

 

https://www.oracle.com/security-alerts/cspumay2026.html

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmooLj4ACgkQ3jCgcSdc

ys8Avg//UK0k6K+UQ5mRwEOYyxOX1GyWd77RYLDOHYt/XZcFfDQ0NE6bOYGCR1TZ

WHasL/SN3St8+Y6BgHHOB8tq5E6hvH8VE/S1BzO6x+Cd5TxpbNKJAeiNpaOpiUFO

mD0uaoLCeaGkarLkDaFFLxlgg9EUgA+/6UhekNZ1G+lozYskUzfwEPrAW9qydRdT

hfqQt4BY03uRFmk8koi99jJtl3JozJymObvk3aXfnSkE4PjRV/HEJuKlteekgcOV

dUrhT6js76JkvEuTvwVRY4j0niOaqfnD+gNjRijDhuHOiInlAjRFHknh91Wp/o1u

1ylUYSlYV2+ZN2AJKU9mLJRcYPl+Hil0Z4g+vpN0NtWtnzx1THTJ/3AaszlW8DUo

AYNp81//QzfsCkqW0Xwma1bzJi8F3pWyNLIzLaeqiAGtkj+hyZZdx7sHZ94fdNwJ

nfAN+z+mfqvgRFBUgmCgNG9/nINajvDRiCmdRykA+rl04NmUs+Mwlekf+h1gxsvX

+QvYYDI26kYuAMjjOk5dVftR+j9wxOMkrPvacUlfs+zAFtbZztbYwKBp3wbpEavA

YCKnLHhwI5wYW39qqXBYKEXVh8w51ZhEInF7imGxDSX8elwZLtgVPrkgkErahMGe

4sZfREkNxafvDSzfeJb1JVlp9K+YWAR9nhBm+ZzbRou5+Urhhxg=

=/VJ2

—–END PGP SIGNATURE—–