Oracle pushed out an emergency update for vulnerabilities affecting several of its products that rely on its proprietary Jolt protocol. The bugs were discovered by researchers at ERPScan who named the series of five vulnerabilities JoltandBleed.
The vulnerabilities are severe, with two of the bugs scoring 9.9 and 10 on the CVSS scale. Affected products include Oracle PeopleSoft Campus Solutions, Human Capital Management, Financial Management, and Supply Chain Management, as well as other products that use the Tuxedo 2 application server.
Oracle's Jolt protocol is used by the Tuxedo 2 application server. ERPScan calls the vulnerabilities JoltandBleed because of their similarities to Heartbleed, the vulnerability discovered in OpenSSL in 2014.