Skip Navigation

July 21, 2021 |

July 2021 Oracle Critical Patch Update addresses 327 flaws

Loading table of contents...

On 20 July 2021, Oracle Critical Patch Update (CPU) released fixes for 327 vulnerabilities; 43 of these are remotely executable flaws requiring no authentication to exploit. Timely patching is recommended.


  • The July 2021 CPU addresses vulnerabilities in multiple Oracle product families and its third-party components; 49 of them have a CVSS 3.1 score above 9.
  • Of note is a critical vulnerability in Essbase Analytic Provider Services 21.2 (component: JAPI), tracked as CVE-2021-2244, that received a CVSS 3.1 score of 10. An unauthenticated threat actor with network access via HTTP could compromise an unpatched product remotely.
  • Oracle Fusion Middleware was the most affected product with 48 fixes overall. Nine of these vulnerabilities have a score above 9 and are remotely exploitable with no authentication required.
  • Oracle MySQL received 41 patches. Ten of these vulnerabilities may be exploited remotely without requiring user credentials.
  • Other products with multiple critical fixes include Oracle E-Business Suite, Oracle Database Server, Oracle PeopleSoft, Oracle Retail Applications, Oracle Financial Services Applications, Oracle Communications Applications, and Oracle Communications among others.


  • If you are using any of the products mentioned in the Oracle Critical Patch Update Advisory, check for the updates on the advisory page noted below.
  • Timely implementation of the updates and all applicable mitigations is recommended.