34 bugs dubbed as “remotely exploitable without authentication”
As part of its quarterly security update, Oracle is releasing 66 patches for 28 products. The fixes include critical vulnerabilities in Oracle products such as Audit Vault, JRockit, Solaris and WebLogic.
These four products may be exploited over a network without the need for a username and password, the company said.
"That’s especially dangerous for a security application such as Oracle Audit Vault, which is meant to create a verifiable audit trail," Oracle added.
The US technology corporation described 34 bugs as "remotely exploitable without authentication" and gave it a score of "10" as the most severe of vulnerabilities on the Oracle Common Vulnerability Scoring System (CVSS).
Of the 28 products to be patched, several products such as Oracle Sun Products Suite (which includes 10 affected products such as the Solaris operating system and Java System Access Manager) and Oracle Fusion Middleware, which includes nine affected products such as HTTP Server and JRockit, are actually product bundles.
The Oracle Open Office suite’s vulnerabilities rate a 9.3 on the CVSS scale, while those in Oracle Database Server rate a 7.5.
Oracle Database 10g and 11g, Secure Backup, E-Business Suite 11i and 12, and PeopleSoft are also getting security updates.