Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Oracle July 2024 Critical Patch Update Addresses 175 CVEs

A blue gradient background with the Tenable Research logo in the top center of the image. Underneath the logo is a green rectangular shaped box with the word "ORACLE" in the top center in bold text with the words "CRITICAL PATCH UPDATE" underneath it. This blog highlights some key metrics from the Oracle Critical Patch Update (CPU) for July 2024, the third quarterly update for the year.

Oracle addresses 175 CVEs in its third quarterly update of 2024 with 386 patches, including 26 critical updates.

Background

On July 16, Oracle released its Critical Patch Update (CPU) for July 2024, the third quarterly update of the year. This CPU contains fixes for 175 CVEs in 386 security updates across 29 Oracle product families. Out of the 386 security updates published this quarter, 6.7% of patches were assigned a critical severity. Medium severity patches accounted for the bulk of security patches at 45.9%, followed by high severity patches at 45.1%.

A pie chart with a hole in the center featuring metrics associated with the Oracle Critical Patch Update (CPU) for July 2024 showing a breakdown of security patches from Critical, High, Medium and Low.

This quarter’s update includes 26 critical patches across 15 CVEs.

SeverityIssues PatchedCVEs
Critical2615
High17460
Medium17791
Low99
Total386175

Analysis

This quarter, the Oracle Commerce product family contained the highest number of patches at 95, accounting for 24.6% of the total patches, followed by Oracle E-Business Suite at 60 patches, which accounted for 15.6% of the total patches.

A full breakdown of the patches for this quarter can be seen in the following table, which also includes a count of vulnerabilities that can be exploited over a network without authentication.

Oracle Product FamilyNumber of PatchesRemote Exploit without Authentication
Oracle Commerce9584
Oracle E-Business Suite6044
Oracle Enterprise Manager4132
Oracle Java SE3711
Oracle TimesTen In-Memory Database2014
Oracle Financial Services Applications1712
Oracle PeopleSoft1211
Oracle JD Edwards113
Oracle Communications102
Oracle HealthCare Applications107
Oracle Database Server83
Oracle Insurance Applications86
Oracle REST Data Services77
Oracle Hyperion77
Oracle Retail Applications75
Oracle Construction and Engineering55
Oracle Fusion Middleware52
Oracle MySQL54
Oracle Communications Applications42
Oracle Analytics30
Oracle Systems30
Oracle Big Data Spatial and Graph20
Oracle Siebel CRM21
Oracle Supply Chain22
Oracle Application Express11
Oracle Essbase11
Oracle GoldenGate11
Oracle Graph Server and Client11
Oracle NoSQL Database10

Solution

Customers are advised to apply all relevant patches in this quarter’s CPU. Please refer to the July 2024 advisory for full details.

Identifying affected systems

A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released. This link uses a search filter to ensure that all matching plugin coverage will appear as it is released.

Get more information

Join Tenable's Security Response Team on the Tenable Community.

Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.