My Oracle Support Banner

October 2014 CPU Database JVM Vulnerabilities FAQ (Doc ID 1940702.1)

Last updated on AUGUST 04, 2018

Applies to:

Oracle Database - Enterprise Edition
Information in this document applies to any platform.


The October 2014 Critical Patch Update included fixes for high severity vulnerabilities in the Oracle databases.  A number of these database vulnerabilities are related to features implemented using Java in the Database, and some of these vulnerabilities have received a CVSS Base Score of 9.0.

The purpose of this document is to answer some frequently-asked questions about these Java-related vulnerabilities and the fixes provided with this Critical Patch Update release.

For more information see:

(1)    Official Oracle blog posted at

(2)    October 2014 Critical Patch Update Advisory located at

For your convenience, the Database Risk Matrix of the October 2014 Critical Patch Update is reproduced at the end of this document.  Please refer to the URL above for the most authoritative version of this risk matrix as it may be updated and these updates may not be reflected in the reproduction below.

Questions and Answers

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Questions and Answers

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.