04/17/2024 | News release | Distributed by Public on 04/17/2024 08:42
Oracle released the second quarterly edition of its Critical Patch Update, which contains patches for 441 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products.
In the second quarterly Oracle Critical Patch Update, Oracle Communications received the highest number of patches, 93, constituting about 21% of the total patches released. Oracle Fusion Middleware and Oracle Financial Services Applications followed, with 51 and 49 security patches, respectively.
307 of the 441 security patches (about 70%) are for non-Oracle CVEs, which are security fixes for issues in third-party products, such as open-source components, that are included and exploitable in the context of their Oracle product distributions.
This month's batch of security patches contains 12 updates for Oracle Database products. Product-wise distribution is as follows:
In these security updates, Oracle has covered product families, including Oracle Database Server, Oracle Autonomous Health Framework, Oracle Big Data Spatial and Graph, Oracle Global Lifecycle Management, Oracle GoldenGate, Oracle Commerce, Oracle Communications Applications, Oracle Communications, Oracle Construction and Engineering, Oracle E-Business Suite, Oracle Enterprise Manager, Oracle Financial Services Applications, Oracle Food and Beverage Applications, Oracle Fusion Middleware, Oracle Analytics, Oracle Health Sciences Applications, Oracle HealthCare Applications, Oracle Hospitality Applications, Oracle Hyperion, Oracle Insurance Applications, Oracle Java SE, Oracle MySQL, Oracle PeopleSoft, Oracle Retail Applications, Oracle Siebel CRM, Oracle Supply Chain, Oracle Support Tools, Oracle Systems, Oracle Utilities Applications, Oracle Virtualization.
Qualys QID Coverage
Qualys has released 13 QIDs mentioned in the table below:
Note: The table will be updated with the additional QIDs once released.
Notable Oracle Vulnerabilities Patched
Oracle Communications
This Critical Patch Update for Oracle Communications contains 93 security patches. Out of 93, 71 vulnerabilities can be exploited over a network without user credentials.
CVE-2023-47100 has a critical severity rating and CVSS score of 9.8. A remote attacker may exploit the vulnerability in a low-complexity network attack.
Oracle Fusion Middleware
This Critical Patch Update for Oracle Fusion Middleware contains 51 new security patches. 35 of these vulnerabilities can be exploited remotely without authentication.
CVE-2022-46337, CVE-2024-1597, CVE-2022-34381, CVE-2019-13990, CVE-2022-1471, and CVE-2022-45378 in different Oracle Communications products have critical severity ratings and CVSS scores of 9.8.
Oracle Financial Services Applications
This Critical Patch Update for Oracle Financial Services Applications contains 49 new security patches. 30 of these vulnerabilities can be exploited remotely without authentication.
None of the 49 vulnerabilities have been given critical severity ratings.
Oracle E-Business Suite
This Critical Patch Update for Oracle E-Business Suite contains 47 security patches. 40 vulnerabilities can be exploited over a network without requiring user credentials.
CVE-2024-21071 in the Admin Screens and Grants UI of Oracle Workflow has a critical severity rating and a CVSS score of 9.1. The vulnerability can be exploited remotely by an attacker in a low-complexity attack.
Oracle MySQL
This Critical Patch Update for Oracle MySQL contains 36 security patches. 9 of these vulnerabilities may be remotely exploitable without authentication.
None of the 36 vulnerabilities have been given critical severity ratings.
Oracle Systems
This Critical Patch Update for Oracle Systems contains 22 security patches. 16 of these vulnerabilities may be exploited over a network without requiring user credentials.
CVE-2022-42920, CVE-2022-34381, and CVE-2020-35168 have critical severity ratings and a CVSS score of 9.8.