Oracle April 2024 Critical Patch Update Addresses 239 CVEs


Oracle addresses 239 CVEs in its second quarterly update of 2024 with 441 patches, including 38 critical updates.

Background

On April 16, Oracle released its Critical Patch Update (CPU) for April 2024, the second quarterly update of the year. This CPU contains fixes for 239 CVEs in 441 security updates across 30 Oracle product families. Out of the 441 security updates published this quarter, 8.6% of patches were assigned a critical severity. Medium severity patches accounted for the bulk of security patches at 44.4%, followed by high severity patches at 42.6%.

This quarter’s update includes 38 critical patches across 21 CVEs.

Severity Issues Patched CVEs
Critical 38 21
High 188 79
Medium 196 122
Low 19 17
Total 441 239

Analysis

This quarter, the Oracle Commerce product family contained the highest number of patches at 93, accounting for 21.1% of the total patches, followed by Oracle Financial Services Applications at 51 patches, which accounted for 11.6% of the total patches.

A full breakdown of the patches for this quarter can be seen in the following table, which also includes a count of vulnerabilities that can be exploited over a network without authentication.

Oracle Product Family Number of Patches Remote Exploit without Authentication
Oracle Commerce 93 71
Oracle Financial Services Applications 51 35
Oracle E-Business Suite 49 30
Oracle Communications 47 43
Oracle Insurance Applications 36 9
Oracle Supply Chain 22 16
Oracle TimesTen In-Memory Database 14 10
Oracle Hyperion 13 10
Oracle Systems 13 1
Oracle Food and Beverage Applications 12 5
Oracle Construction and Engineering 11 7
Oracle Java SE 10 5
Oracle MySQL 10 9
Oracle Database Server 8 3
Oracle GoldenGate 8 6
Oracle Communications Applications 7 4
Oracle Hospitality Applications 6 2
Oracle Retail Applications 6 3
Oracle Siebel CRM 6 6
Oracle Enterprise Manager 4 2
Oracle Analytics 3 1
Oracle Fusion Middleware 2 0
Oracle HealthCare Applications 2 0
Oracle Support Tools 2 2
Oracle Autonomous Health Framework 1 1
Oracle Big Data Spatial and Graph 1 1
Oracle Essbase 1 1
Oracle Global Lifecycle Management 1 1
Oracle Health Sciences Applications 1 1
Oracle PeopleSoft 1 0

Solution

Customers are advised to apply all relevant patches in this quarter’s CPU. Please refer to the April 2024 advisory for full details.

Identifying affected systems

A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released. This link uses a search filter to ensure that all matching plugin coverage will appear as it is released.

Get more information

Join Tenable’s Security Response Team on the Tenable Community.

Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

Scott Caveza



Source link