Qualys Inc.

10/16/2024 | News release | Distributed by Public on 10/16/2024 09:06

Oracle Critical Patch Update, October 2024 Security Update Review

Oracle released the last quarterly edition of this year's Critical Patch Update. The update contains patches for 334 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products.

In this quarterly Oracle Critical Patch Update, Oracle Communications received the highest number of patches, 100, constituting about 30% of the total patches released. Oracle MySQL and Oracle Fusion Middleware followed, with 45 and 32 security patches, respectively.

244 of the 334 security patches provided by the October Critical Patch Update (about 73%) are for non-Oracle CVEs, such as open-source components that are included in, and exploitable in the context of, their Oracle product distributions.

This batch of security patches contains 26 updates for Oracle Database products. The following is the product-wise distribution:

  • Six new security updates for Oracle Database Server with a maximum reported CVSS Base Score of 5.3.
    • One of these updates applies to client-only deployments of the Oracle Database.
  • Three new security updates for Oracle Application Express with a maximum reported CVSS Base Score of 6.3.
  • Seven new security updates for the Oracle Blockchain Platform with a maximum reported CVSS Base Score of 7.5.
  • One new security update for Oracle Essbase with a maximum reported CVSS Base Score of 6.5.
  • Four new security updates for Oracle GoldenGate with a maximum reported CVSS Base Score of 5.3.
  • One new security update for Oracle NoSQL Database with a maximum reported CVSS Base Score of 4.3.
  • Two new security updates for Oracle Secure Backup with a maximum reported CVSS Base Score of 7.5.
  • One new security update for Oracle SQL Developer with a maximum reported CVSS Base Score of 5.9.

In these security updates, Oracle has covered product families including Oracle Database Server, Oracle Application Express, Oracle Blockchain Platform, Oracle Essbase, Oracle GoldenGate, Oracle NoSQL Database, Oracle Secure Backup, Oracle SQL Developer, Oracle Commerce, Oracle Communications Applications, Oracle Communications, Oracle E-Business Suite, Oracle Enterprise Manager, Oracle Financial Services Applications, Oracle Food and Beverage Applications, Oracle Fusion Middleware, Oracle Analytics, Oracle Hospitality Applications, Oracle Hyperion, Oracle Java SE, Oracle MySQL, Oracle PeopleSoft, Oracle Retail Applications, Oracle Siebel CRM, Oracle Supply Chain, Oracle Systems, Oracle Utilities Applications, and Oracle Virtualization.

Qualys QID Coverage

Qualys has released five QIDs mentioned in the table below:

Note: The table will be updated with the additional QIDs once released.

Notable Oracle Vulnerabilities Patched

Oracle Communications

This Critical Patch Update for Oracle Communications contains 100 security patches. Out of these, 81 vulnerabilities can be exploited over a network without user credentials.

CVE-2024-45492, CVE-2023-38408, CVE-2024-4577, CVE-2023-6816, CVE-2022-2068, CVE-2024-37371, CVE-2024-29736, and CVE-2022-36760 in different Oracle Communications products have critical severity ratings. In a low-complexity network attack, a remote attacker may exploit these vulnerabilities without privileges.

Oracle MySQL

This Critical Patch Update for Oracle MySQL contains 45 security patches. Out of these, 12 vulnerabilities can be exploited over a network without user credentials.

CVE-2024-37371 and CVE-2024-5535 in different Oracle MySQL products have critical severity ratings with a CVSS score of 9.1. In a low-complexity network attack, a remote attacker may exploit these vulnerabilities without privileges.

Oracle Fusion Middleware

This Critical Patch Update for Oracle Fusion Middleware contains 32 security patches. Out of these, 12 vulnerabilities can be exploited over a network without user credentials.

CVE-2024-28752, CVE-2024-21216, and CVE-2024-45492 in different Oracle Fusion Middleware products have critical severity ratings. In a low-complexity network attack, a remote attacker may exploit these vulnerabilities without privileges.

Oracle Financial Services Applications

This Critical Patch Update for Oracle Financial Services Applications contains 20 security patches. Out of these, 15 vulnerabilities can be exploited over a network without user credentials.

CVE-2024-5535 in Oracle Banking Cash Management and Oracle Banking Supply Chain Finance has a critical severity rating. A remote attacker may exploit this vulnerability without privileges in a low-complexity network attack.

Oracle Communications Applications

This Critical Patch Update for Oracle Communications Applications contains 13 security patches. Out of these, 10 vulnerabilities can be exploited over a network without user credentials.

CVE-2024-45492 in the Core (LibExpat) component of Oracle Communications Unified Assurance has a critical severity rating with a CVSS score of 9.8. A remote attacker may exploit this vulnerability without privileges in a low-complexity network attack.

Oracle Commerce

This Critical Patch Update for Oracle Commerce contains nine security patches. Out of these, five vulnerabilities can be exploited over a network without user credentials.

CVE-2022-46337 in the Workbench (Apache Derby) component of Oracle Commerce Guided Search has a critical severity rating with a CVSS score of 9.8. A remote attacker may exploit this vulnerability without privileges in a low-complexity network attack.

Oracle Enterprise Manager

This Critical Patch Update for Oracle Enterprise Manager contains seven security patches. Out of these, three vulnerabilities can be exploited over a network without user credentials.

CVE-2022-34381 in the Agent Next Gen (BSAFE Crypto-J) component of the Oracle Enterprise Manager Base Platform has a critical severity rating with a CVSS score of 9.8. A remote attacker may exploit this vulnerability without privileges in a low-complexity network attack.

Oracle Analytics

This Critical Patch Update for Oracle Analytics contains 12 security patches. Out of these, seven vulnerabilities can be exploited over a network without user credentials.

CVE-2022-23305 and CVE-2023-38545 in different components of Oracle Business Intelligence Enterprise Edition have critical severity ratings with a CVSS score of 9.8. A remote attacker may exploit these vulnerabilities without privileges in a low-complexity network attack.

Oracle Systems

This Critical Patch Update for Oracle Systems contains seven security patches. Out of these, five vulnerabilities can be exploited over a network without user credentials.

CVE-2022-46337 in the Tools (Apache Derby) component of Oracle Solaris Cluster has a critical severity rating with a CVSS score of 9.8. A remote attacker may exploit this vulnerability without privileges in a low-complexity network attack.