Oracle April 2024 Critical Patch Update Addresses 239 CVEs
- by nlqip
Oracle addresses 239 CVEs in its second quarterly update of 2024 with 441 patches, including 38 critical updates.
Background
On April 16, Oracle released its Critical Patch Update (CPU) for April 2024, the second quarterly update of the year. This CPU contains fixes for 239 CVEs in 441 security updates across 30 Oracle product families. Out of the 441 security updates published this quarter, 8.6% of patches were assigned a critical severity. Medium severity patches accounted for the bulk of security patches at 44.4%, followed by high severity patches at 42.6%.
This quarter’s update includes 38 critical patches across 21 CVEs.
Severity | Issues Patched | CVEs |
---|---|---|
Critical | 38 | 21 |
High | 188 | 79 |
Medium | 196 | 122 |
Low | 19 | 17 |
Total | 441 | 239 |
Analysis
This quarter, the Oracle Commerce product family contained the highest number of patches at 93, accounting for 21.1% of the total patches, followed by Oracle Financial Services Applications at 51 patches, which accounted for 11.6% of the total patches.
A full breakdown of the patches for this quarter can be seen in the following table, which also includes a count of vulnerabilities that can be exploited over a network without authentication.
Oracle Product Family | Number of Patches | Remote Exploit without Authentication |
---|---|---|
Oracle Commerce | 93 | 71 |
Oracle Financial Services Applications | 51 | 35 |
Oracle E-Business Suite | 49 | 30 |
Oracle Communications | 47 | 43 |
Oracle Insurance Applications | 36 | 9 |
Oracle Supply Chain | 22 | 16 |
Oracle TimesTen In-Memory Database | 14 | 10 |
Oracle Hyperion | 13 | 10 |
Oracle Systems | 13 | 1 |
Oracle Food and Beverage Applications | 12 | 5 |
Oracle Construction and Engineering | 11 | 7 |
Oracle Java SE | 10 | 5 |
Oracle MySQL | 10 | 9 |
Oracle Database Server | 8 | 3 |
Oracle GoldenGate | 8 | 6 |
Oracle Communications Applications | 7 | 4 |
Oracle Hospitality Applications | 6 | 2 |
Oracle Retail Applications | 6 | 3 |
Oracle Siebel CRM | 6 | 6 |
Oracle Enterprise Manager | 4 | 2 |
Oracle Analytics | 3 | 1 |
Oracle Fusion Middleware | 2 | 0 |
Oracle HealthCare Applications | 2 | 0 |
Oracle Support Tools | 2 | 2 |
Oracle Autonomous Health Framework | 1 | 1 |
Oracle Big Data Spatial and Graph | 1 | 1 |
Oracle Essbase | 1 | 1 |
Oracle Global Lifecycle Management | 1 | 1 |
Oracle Health Sciences Applications | 1 | 1 |
Oracle PeopleSoft | 1 | 0 |
Solution
Customers are advised to apply all relevant patches in this quarter’s CPU. Please refer to the April 2024 advisory for full details.
Identifying affected systems
A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released. This link uses a search filter to ensure that all matching plugin coverage will appear as it is released.
Get more information
Join Tenable’s Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
Scott Caveza
Scott joined Tenable in 2012 as a Research Engineer on the Nessus Plugins team. Over the years, he has written hundreds of plugins for Nessus, and reviewed code for even more from his time being a team lead and manager of the Plugins team. Previously leading the Security Response team and the Zero Day Research team, Scott is currently a member of the Security Response team, helping the research organization respond to the latest threats. He has over a decade of experience in the industry with previous work in the Security Operations Center (SOC) for a major domain registrar and web hosting provider. Scott is a current CISSP and actively maintains his GIAC GWAPT Web Application Penetration Tester certification.
Interests outside of work: Scott enjoys spending time with his family, camping, fishing and being outdoors. He also enjoys finding ways to break web applications and home renovation projects.
Source link
lol
Oracle addresses 239 CVEs in its second quarterly update of 2024 with 441 patches, including 38 critical updates. Background On April 16, Oracle released its Critical Patch Update (CPU) for April 2024, the second quarterly update of the year. This CPU contains fixes for 239 CVEs in 441 security updates across 30 Oracle product families.…
Recent Posts
- Windows 10 KB5046714 update fixes bug preventing app uninstalls
- Eight Key Takeaways From Kyndryl’s First Investor Day
- QNAP pulls buggy QTS firmware causing widespread NAS issues
- N-able Exec: ‘Cybersecurity And Compliance Are A Team Sport’
- Hackers breach US firm over Wi-Fi from Russia in ‘Nearest Neighbor Attack’