Oracle has plans to deliver 46 security fixes for its customers by July 17. According to an Oracle security announcement, the patches will plug security holes in Oracle Database, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications and Oracle PeopleSoft Enterprise products. The most serious of the flaws—two vulnerabilities affecting Oracle PeopleSoft Enterprise products—have a CVSS score of 4.8. Twenty of the 46 fixes address issues in the database, and two of the flaws can be exploited remotely over a network without the need for a username and password. Fourteen others fix flaws in the Oracle E-Business Suite and Applications, six of which may be remotely exploited without authentication.
In addition, four fixes are slated to be issued for Oracle Application Server, and three are to be issued for Oracle PeopleSoft Enterprise PeopleTools. Three of the flaws affecting Oracle Application Server can be exploited remotely. The upcoming July 17 fixes are part of the company"s Critical Patch Update releases, issued four times year. The last batch, in April, featured 36 security fixes.