- The Apple Watch Ultra 2 just dropped to its lowest price yet for Black Friday
- The best Black Friday 2024 Kindle deals: Shop sales available now
- The 25+ best smartwatch and fitness tracker deals for Black Friday 2024: Deals are live
- I've tested dozens of power banks. This one is in a class of its own and you can get it for $85
- 인텔이 치러야 할 미 정부 79억 달러 보조금의 대가 ‘지분 매각 제한’
Oracle July 2023 Critical Patch Update Addresses 183 CVEs
Oracle addresses 183 CVEs in its third quarterly update of 2023 with 508 patches, including 76 critical updates.
Background
On July 18, Oracle released its Critical Patch Update (CPU) for July 2023, the third quarterly update of the year. This CPU contains fixes for 183 unique CVEs in 508 security updates across 32 Oracle product families. Out of the 508 security updates published this quarter, 15.0% of patches were assigned a critical severity. High severity patches accounted for the bulk of security patches at 48.4%, followed by medium severity patches at 31.9%.
This quarter’s update includes 76 critical patches across 28 CVEs.
Severity | Issues Patched | CVEs |
---|---|---|
Critical | 76 | 28 |
High | 246 | 67 |
Medium | 162 | 74 |
Low | 24 | 14 |
Total | 508 | 183 |
Analysis
This quarter, the Oracle Construction and Engineering product family contained the highest number of patches at 147, accounting for 28.9% of the total patches, followed by Oracle TimeTen in-Memory Database at 77 patches, which accounted for 15.1% of the total patches.
Of the 508 patches in this update, 62 patches address 37 vulnerabilities identified during the period from 2018 – 2021. Of these, 9 patches address 8 CVEs that were given a CVSSv3 score greater than 9. This means legacy vulnerabilities accounted for 12.2% of the total patches and 11.8% of critical patches.
A full breakdown of the patches for this quarter can be seen in the following table, which also includes a count of vulnerabilities that can be exploited over a network without authentication.
Oracle Product Family | Number of Patches | Remote Exploit without Authentication |
---|---|---|
Oracle Construction and Engineering | 147 | 115 |
Oracle TimesTen In-Memory Database | 77 | 57 |
Oracle Enterprise Manager | 60 | 40 |
Oracle Spatial Studio | 40 | 30 |
Oracle Financial Services Applications | 32 | 23 |
Oracle Insurance Applications | 24 | 11 |
Oracle Siebel CRM | 14 | 12 |
Oracle Policy Automation | 13 | 11 |
Oracle MySQL | 11 | 8 |
Oracle Hospitality Applications | 9 | 8 |
Oracle Java SE | 9 | 8 |
Oracle PeopleSoft | 9 | 9 |
Oracle Secure Backup | 8 | 8 |
Oracle Communications | 8 | 6 |
Oracle Commerce | 6 | 5 |
Oracle Database Server | 5 | 1 |
Oracle Communications Applications | 5 | 3 |
Oracle Hyperion | 4 | 3 |
Oracle Supply Chain | 4 | 2 |
Oracle Application Express | 3 | 1 |
Oracle Analytics | 3 | 1 |
Oracle Health Sciences Applications | 3 | 2 |
Oracle Big Data Spatial and Graph | 2 | 0 |
Oracle Essbase | 2 | 1 |
Oracle Fusion Middleware | 2 | 2 |
Oracle JD Edwards | 2 | 2 |
Oracle GoldenGate | 1 | 1 |
Oracle Graph Server and Client | 1 | 0 |
Oracle NoSQL Database | 1 | 1 |
Oracle E-Business Suite | 1 | 1 |
Oracle Food and Beverage Applications | 1 | 0 |
Oracle Retail Applications | 1 | 0 |
Solution
Customers are advised to apply all relevant patches in this quarter’s CPU. Please refer to the July 2023 advisory for full details.
Identifying affected systems
A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.
Get more information
Join Tenable’s Security Response Team on the Tenable Community.
Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface.
Get a free 30-day trial of Tenable.io Vulnerability Management.