Date: 2016-04-20

Oracle admins are staring down the barrel of a massive quarterly Critical Patch Update that includes 405 patches.

Business software giant Oracle Corp. revealed 286 of those vulnerabilities are remotely exploitable across nearly two dozen product lines.

Impacted with multiple critical flaws, rated 9.8 CVSS in severity, are 13 key Oracle products including Oracle Financial Services Applications, Oracle MySQL, Oracle Retail Applications and Oracle Support Tools, according to the company's April Critical Patch Update Pre-Release Announcement, posted Monday.

Each of the bugs will be addressed with mitigation advice or patches by Oracle on Tuesday, coinciding with Microsoft's April Patch Tuesday release of fixes. That will leave system and network admins with a flood of critical vulnerabilities to contend with.



Oracle's Fusion Middleware alone is reporting 49 "vulnerabilities [that] may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials," according to the bulletin.

Oracle said in total, its Fusion Middleware family of software has 56 new security patches affecting nearly 20 related services, including Identity Manager Connector (v. 9.0), Big Data Discovery (v. 1.6) and WebCenter Portal (v. 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0).

The mammoth update also includes medium-severity flaws for its Java Platform, Standard Edition (Java SE), used for developing and deploying Java applications. Fifteen bugs, with a CVSS rating of 8.5, are remotely exploitable by an unauthenticated attacker over a network – no user credentials required.

Details of the Java SE bugs, along with technical insights and mitigation guidance for all 405 flaws, will be available Tuesday.