Quantcast
Channel: Tenable Blog
Viewing all articles
Browse latest Browse all 1935

Oracle April 2024 Critical Patch Update Addresses 239 CVEs

$
0
0

Oracle addresses 239 CVEs in its second quarterly update of 2024 with 441 patches, including 38 critical updates.

Background

On April 16, Oracle released its Critical Patch Update (CPU) for April 2024, the second quarterly update of the year. This CPU contains fixes for 239 CVEs in 441 security updates across 30 Oracle product families. Out of the 441 security updates published this quarter, 8.6% of patches were assigned a critical severity. Medium severity patches accounted for the bulk of security patches at 44.4%, followed by high severity patches at 42.6%.

This quarter’s update includes 38 critical patches across 21 CVEs.

SeverityIssues PatchedCVEs
Critical3821
High18879
Medium196122
Low1917
Total441239

Analysis

This quarter, the Oracle Commerce product family contained the highest number of patches at 93, accounting for 21.1% of the total patches, followed by Oracle Financial Services Applications at 51 patches, which accounted for 11.6% of the total patches.

A full breakdown of the patches for this quarter can be seen in the following table, which also includes a count of vulnerabilities that can be exploited over a network without authentication.

Oracle Product FamilyNumber of PatchesRemote Exploit without Authentication
Oracle Commerce9371
Oracle Financial Services Applications5135
Oracle E-Business Suite4930
Oracle Communications4743
Oracle Insurance Applications369
Oracle Supply Chain2216
Oracle TimesTen In-Memory Database1410
Oracle Hyperion1310
Oracle Systems131
Oracle Food and Beverage Applications125
Oracle Construction and Engineering117
Oracle Java SE105
Oracle MySQL109
Oracle Database Server83
Oracle GoldenGate86
Oracle Communications Applications74
Oracle Hospitality Applications62
Oracle Retail Applications63
Oracle Siebel CRM66
Oracle Enterprise Manager42
Oracle Analytics31
Oracle Fusion Middleware20
Oracle HealthCare Applications20
Oracle Support Tools22
Oracle Autonomous Health Framework11
Oracle Big Data Spatial and Graph11
Oracle Essbase11
Oracle Global Lifecycle Management11
Oracle Health Sciences Applications11
Oracle PeopleSoft10

Solution

Customers are advised to apply all relevant patches in this quarter’s CPU. Please refer to the April 2024 advisory for full details.

Identifying affected systems

A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released. This link uses a search filter to ensure that all matching plugin coverage will appear as it is released.

Get more information

Join Tenable's Security Response Team on the Tenable Community.

Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.


Viewing all articles
Browse latest Browse all 1935

Trending Articles