Oracle July 2024 Critical Patch Update Addresses 175 CVEs
- by nlqip
Oracle addresses 175 CVEs in its third quarterly update of 2024 with 386 patches, including 26 critical updates.
Background
On July 16, Oracle released its Critical Patch Update (CPU) for July 2024, the third quarterly update of the year. This CPU contains fixes for 175 CVEs in 386 security updates across 29 Oracle product families. Out of the 386 security updates published this quarter, 6.7% of patches were assigned a critical severity. Medium severity patches accounted for the bulk of security patches at 45.9%, followed by high severity patches at 45.1%.
This quarter’s update includes 26 critical patches across 15 CVEs.
Severity | Issues Patched | CVEs |
---|---|---|
Critical | 26 | 15 |
High | 174 | 60 |
Medium | 177 | 91 |
Low | 9 | 9 |
Total | 386 | 175 |
Analysis
This quarter, the Oracle Commerce product family contained the highest number of patches at 95, accounting for 24.6% of the total patches, followed by Oracle E-Business Suite at 60 patches, which accounted for 15.6% of the total patches.
A full breakdown of the patches for this quarter can be seen in the following table, which also includes a count of vulnerabilities that can be exploited over a network without authentication.
Oracle Product Family | Number of Patches | Remote Exploit without Authentication |
---|---|---|
Oracle Commerce | 95 | 84 |
Oracle E-Business Suite | 60 | 44 |
Oracle Enterprise Manager | 41 | 32 |
Oracle Java SE | 37 | 11 |
Oracle TimesTen In-Memory Database | 20 | 14 |
Oracle Financial Services Applications | 17 | 12 |
Oracle PeopleSoft | 12 | 11 |
Oracle JD Edwards | 11 | 3 |
Oracle Communications | 10 | 2 |
Oracle HealthCare Applications | 10 | 7 |
Oracle Database Server | 8 | 3 |
Oracle Insurance Applications | 8 | 6 |
Oracle REST Data Services | 7 | 7 |
Oracle Hyperion | 7 | 7 |
Oracle Retail Applications | 7 | 5 |
Oracle Construction and Engineering | 5 | 5 |
Oracle Fusion Middleware | 5 | 2 |
Oracle MySQL | 5 | 4 |
Oracle Communications Applications | 4 | 2 |
Oracle Analytics | 3 | 0 |
Oracle Systems | 3 | 0 |
Oracle Big Data Spatial and Graph | 2 | 0 |
Oracle Siebel CRM | 2 | 1 |
Oracle Supply Chain | 2 | 2 |
Oracle Application Express | 1 | 1 |
Oracle Essbase | 1 | 1 |
Oracle GoldenGate | 1 | 1 |
Oracle Graph Server and Client | 1 | 1 |
Oracle NoSQL Database | 1 | 0 |
Solution
Customers are advised to apply all relevant patches in this quarter’s CPU. Please refer to the July 2024 advisory for full details.
Identifying affected systems
A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released. This link uses a search filter to ensure that all matching plugin coverage will appear as it is released.
Get more information
Join Tenable’s Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
Tenable Security Response Team
The Tenable Security Response Team (SRT) tracks threat and vulnerability intelligence feeds to ensure our research teams can deliver sensor coverage to our products as quickly as possible. The SRT also works to analyze and assess technical details and writes white papers, blogs and additional communications to ensure stakeholders are fully informed of the latest risks and threats. The SRT provides breakdowns for the latest vulnerabilities on the Tenable blog.
Source link
lol
Oracle addresses 175 CVEs in its third quarterly update of 2024 with 386 patches, including 26 critical updates. Background On July 16, Oracle released its Critical Patch Update (CPU) for July 2024, the third quarterly update of the year. This CPU contains fixes for 175 CVEs in 386 security updates across 29 Oracle product families.…
Recent Posts
- Windows 10 KB5046714 update fixes bug preventing app uninstalls
- Eight Key Takeaways From Kyndryl’s First Investor Day
- QNAP pulls buggy QTS firmware causing widespread NAS issues
- N-able Exec: ‘Cybersecurity And Compliance Are A Team Sport’
- Hackers breach US firm over Wi-Fi from Russia in ‘Nearest Neighbor Attack’