Rackspace Advisory for Oracle Applications

Rackspace Technology is aware that Oracle recently published the following security vulnerabilities impacting Oracle’s GoldenGate, Fusion Middleware, Hyperion, and other products. One Oracle vulnerability addressed is CVE-2022-22965, otherwise known as the Spring4Shell vulnerability. Spring4Shell is a zero-day vulnerability that was first observed being exploited in April 2022, which allows threat actors to remotely execute code on Java Spring Framework web applications.

CVE-2022-23457

CVE-2022-45047

CVE-2022-22965

CVE-2022-37434

CVE-2022-33980

CVE-2022-29599

CVE-2022-27404

You can find more about these vulnerabilities via the Oracle Critical Patch Update Advisory: https://www.oracle.com/security-alerts/cpuapr2023.html

Rackspace engineers have performed an initial assessment and strongly recommend that customers review the advisories and ensure appropriate patches are installed.

Should you have any questions or require assistance in responding to these vulnerabilities, please contact a support Racker via https://www.rackspace.com/login.