21.07.2021 July 2021 Oracle Critical Patch Update Addresses 327 Flaws

by Elena Lapina

On 20 July 2021, Oracle Critical Patch Update (CPU) released fixes for 327 vulnerabilities; 43 of these are remotely executable flaws requiring no authentication to exploit. Timely patching is recommended.


  • The July 2021 CPU addresses vulnerabilities in multiple Oracle product families and its third-party components; 49 of them have a CVSS 3.1 score above 9.
  • Of note is a critical vulnerability in Essbase Analytic Provider Services 21.2 (component: JAPI), tracked as CVE-2021-2244, that received a CVSS 3.1 score of 10. An unauthenticated threat actor with network access via HTTP could compromise an unpatched product remotely.
  • Oracle Fusion Middleware was the most affected product with 48 fixes overall. Nine of these vulnerabilities have a score above 9 and are remotely exploitable with no authentication required.
  • Oracle MySQL received 41 patches. Ten of these vulnerabilities may be exploited remotely without requiring user credentials.
  • Other products with multiple critical fixes include Oracle E-Business Suite, Oracle Database Server, Oracle PeopleSoft, Oracle Retail Applications, Oracle Financial Services Applications, Oracle Communications Applications, and Oracle Communications among others.


  • If you are using any of the products mentioned in the Oracle Critical Patch Update Advisory, check for the updates on the advisory page noted below.
  • Timely implementation of the updates and all applicable mitigations is recommended.

References Oracle Critical Patch Update Advisory


Request Demo

Fill out the form and we will send you details about our demo.