Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Oracle January 2024 Critical Patch Update Addresses 191 CVEs

Oracle CPU

Oracle addresses 191 CVEs in its first quarterly update of 2024 with 389 patches, including 37 critical updates.

Background

On January 16, Oracle released its Critical Patch Update (CPU) for January 2024, the first quarterly update of the year. This CPU contains fixes for 191 CVEs in 389 security updates across 26 Oracle product families. Out of the 389 security updates published this quarter, 9.5% of patches were assigned a critical severity. High severity patches accounted for the bulk of security patches at 49.4%, followed by medium severity patches at 36.2%.

This quarter’s update includes 37 critical patches across 17 CVEs.

SeverityIssues PatchedCVEs
Critical3717
High19267
Medium14191
Low1916
Total389191

Analysis

This quarter, the Oracle Communications Applications product family contained the highest number of patches at 71, accounting for 18.3% of the total patches, followed by Oracle Secure Backup at 55 patches, which accounted for 14.1% of the total patches.

A full breakdown of the patches for this quarter can be seen in the following table, which also includes a count of vulnerabilities that can be exploited over a network without authentication.

Oracle Product FamilyNumber of PatchesRemote Exploit without Auth
Oracle Communications Applications7154
Oracle Secure Backup5543
Oracle REST Data Services4325
Oracle Fusion Middleware4012
Oracle Communications3929
Oracle TimesTen In-Memory Database1914
Oracle Construction and Engineering1711
Oracle Enterprise Manager1311
Oracle Commerce1211
Oracle E-Business Suite1110
Oracle Financial Services Applications96
Oracle MySQL93
Oracle PeopleSoft73
Oracle SQL Developer62
Oracle Hyperion65
Oracle JD Edwards64
Oracle Audit Vault and Database Firewall51
Oracle NoSQL Database54
Oracle Analytics42
Oracle Database Server30
Oracle Essbase32
Oracle Java SE22
Oracle Big Data Spatial and Graph11
Oracle Global Lifecycle Management11
Oracle GoldenGate11
Oracle Graph Server and Client10

Solution

Customers are advised to apply all relevant patches in this quarter’s CPU. Please refer to the January 2024 advisory for full details.

Identifying affected systems

A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released. This link uses a search filter to ensure that all matching plugin coverage will appear as it is released.

Get more information

 

Join Tenable's Security Response Team on the Tenable Community.

 

 

Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface.

Get a free 30-day trial of Tenable.io Vulnerability Management.

 

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.