The most severe flaws, receiving a top score of 10, reside in JRockit, part of Oracle Fusion Middleware, and in Sun GlassFish Enterprise Server, part of the Sun products suite.
The company warned that six of the nine vulnerabilities for the Oracle Fusion Middleware, and seven of 18 vulnerabilities for the Sun product suite “may be exploited over a network without the need for a username and password.”
In addition to JRockit, Oracle Fusion Middleware components affected by the fixes include Single Sign On, Oracle WebLogic Server, Oracle Security Service, and Oracle HTTP Server. The Sun product suite components, besides Sun GlassFish, affected by the security update include Solaris, Sun Java System Access Manager Policy Agent, and OpenSSO Enterprise.
In addition, seven of eight vulnerabilities for Oracle Open Office Suite may also “be exploited over a network without the need for a username and password.” However, none of the Open Office flaws reached the top score of 10.
According to the company’s pre-release patch announcement, "Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible.”