By using the new version of CVSS, the US can identify the severity of some threats and it should be prioritized. The update includes patches that eliminate 31 vulnerabilities in MySQL (4 errors with the possibility of remote operation without an authentication), 5 problems in Oracle Database (2 of them with the possibility of remote operation without authentication), 22 errors in the Oracle Fusion Middleware (21 of them can be remotely operatable without an authentication), 18 vulnerabilities in Oracle Sun solutions, including CVE-2011-4461, dated the year 2011 (12 errors with remote operation). The company says it continues to receive regular reports of attempts to exploit malicious vulnerabilities in its products that have already released patches. “In some cases, it was reported that the attackers were successful because they target the customers who failed to apply patches available from Oracle.” Thus, the company strongly recommends that customers remain in supported versions actively and apply the Critical Patch Update fixes without delay. In the new release of Java SE eliminated 9 security problems which all can be operatable remotely without authentication. Three errors assigned severity level of 9.6 magnitude on the CVSS scale. 6 issues appear only on client systems (running in the browser Java Web Start and Java applets), and 3 errors affect both clients and Java server-side configuration. Oracle strongly recommends that as soon as possible to install security the patches.
Δ