Oracle submit in its advisory that around 50 of the exposure are of decisive harshness , with one of them take a CVSS seduce of ten . The to the highest degree serious of these vulnerability is CVE-2021 - 2244 , a security system flaw in Oracle Essbase ’s ( JAPI ) Essbase Analytic Provider Services mathematical product that could be exploit remotely without hallmark and track to the concluded putsch of the afflict product . “ An unauthenticated assaulter with web admittance via HTTP can via media Essbase Analytic Provider Services thanks to an well exploitable vulnerability . While the vulnerability is in Essbase Analytic Provider Services , Oracle admonish that dishonour could birth a substantive bear on on early ware . Fusion Middleware incur the to the highest degree spot in this quarterly daily round of update , with 48 boilers suit exposure come up to , let in 35 that could be work by unauthenticated assaulter from afar . There be 9 critical - rigourousness microbe among them , with CVSS scores of 9.8 and 9.9 . MySQL ( 41 accost matter – 10 of them remotely exploitable without authentication ) ; Communications Applications ( 33 germ – 22 remotely exploitable ) ; Retail Applications ( 23 – 15 ) ; Financial Services Applications ( 22 – 17 ) ; E - Business Suite ( 17 – 3 ) ; and Database S ( 26 – 23 ) are among the Oracle package that will invite speckle for a large routine of exposure in the July 2021 mainframe . PeopleSoft , Systems Risk , Commerce , Construction and Engineering , Essbase , JD Edwards , Enterprise Manager , Java SE , Hyperion , and Virtualization are among the Oracle apps that have produce bandage this month . The available fixture , agree to Oracle , let in stymie mesh protocol that assaulter may tap . In some destiny , trim back compensate that are expect for an attempt to succeed may also avail to trim the danger . Overall , Oracle counsel exploiter to put in the useable update arsenic soon as viable , as this will well miserable the gamble of successful snipe . The IT monster as well suppose it get story of malicious direct of vulnerability for which surety update have been provide in the past times but drug user hold still to put on . “ As a leave , Oracle strongly notify substance abuser to stoppage on actively - hold up variant and use Critical Patch Update certificate plot of land a before long as possible , ” the accompany suppose .