Oracle released first updates in 2020followed by Microsoft, Adobe and other manufacturers. In total, developers closed 334 vulnerabilities in 93 products, and more than half of the vulnerabilities (192) could be used remotely without authentication.
The most problems this month were found in Enterprise Manager, for which 50 patches were released right away, including 10 for vulnerabilities that could be used remotely without authentication. The most serious of these are two critical flaws in the Enterprise Manager Ops Center and two more in the Application Testing Suite.
Fusion Middleware eliminated 38 vulnerabilities, 30 of which could also be used remotely without authentication. According to the developers, some products are also affected by vulnerabilities associated with Database components. The most serious of these issues include a critical bug in Coherence and two critical flaws in WebLogic Server. All three bugs can be used remotely.
Updates for the flagship Database Server include a dozen patches. Three of these vulnerabilities could be exploited remotely without authorization, including one flaw in Apache Tomcat (CVE-2019-10072), one in Big Red Gateway (CVE-2020-2512), and one in Core RDBMS (CVE-2020-2510).
Some of the most serious flaws have also been discovered in Oracle communications applications, where 23 of the 25 errors can be exploited remotely without any authentication. Six of these vulnerabilities scored on the CVSS score of 9 points more.