Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Oracle October 2024 Critical Patch Update Addresses 198 CVEs

Tenable Security Response Team
October 15, 2024 • 2 Min Read
by Tenable Security Response Team 
Blog Home / Cyber Exposure Alerts
A blue background with the logo for Tenable Research located at the top center. Underneath it is a green, rectangular box with arrows pointing out at the top left and bottom right of the rectangle. Inside the box the word "ORACLE" is located at the top center in bold text, with the words "CRITICAL PATCH UPDATE" underneath it. This blog highlights the fourth Critical Patch Update (CPU) of 2024, Oracle's fourth and final quarterly update for the year.

Oracle addresses 198 CVEs in its fourth quarterly update of 2024 with 334 patches, including 35 critical updates.

Background

On October 15, Oracle released its Critical Patch Update (CPU) for October 2024, the fourth and final quarterly update of the year. This CPU contains fixes for 198 CVEs in 334 security updates across 28 Oracle product families. Out of the 334 security updates published this quarter, 10.5% of patches were assigned a critical severity. High severity patches accounted for the bulk of security patches at 44.6%, followed by medium severity patches at 39.5%.

A pie chart with a hole in the center featuring metrics associated with the Oracle Critical Patch Update (CPU) for October 2024 showing a breakdown of security patches from Critical (35, High (149), Medium (132) and Low (18).

This quarter’s update includes 35 critical patches across 16 CVEs.

SeverityIssues PatchedCVEs
Critical3516
High14986
Medium13280
Low1816
Total334198

Analysis

This quarter, the Oracle Commerce product family contained the highest number of patches at 100, accounting for 29.9% of the total patches, followed by Oracle Hyperion at 45 patches, which accounted for 13.5% of the total patches.

A full breakdown of the patches for this quarter can be seen in the following table, which also includes a count of vulnerabilities that can be exploited over a network without authentication.

Oracle Product FamilyNumber of PatchesRemote Exploit without Authentication
Oracle Commerce10081
Oracle Hyperion4512
Oracle Financial Services Applications3225
Oracle E-Business Suite2015
Oracle Communications Applications181
Oracle SQL Developer1310
Oracle Food and Beverage Applications127
Oracle Java SE122
Oracle Secure Backup95
Oracle Hospitality Applications88
Oracle Autonomous Health Framework74
Oracle Communications73
Oracle Siebel CRM75
Oracle Database Server62
Oracle Systems50
Oracle Essbase41
Oracle MySQL44
Oracle Application Express31
Oracle Enterprise Manager33
Oracle Fusion Middleware33
Oracle Analytics31
Oracle Retail Applications33
Oracle Supply Chain33
Oracle Graph Server and Client22
Oracle PeopleSoft22
Oracle Blockchain Platform11
Oracle GoldenGate10
Oracle NoSQL Database11

Solution

Customers are advised to apply all relevant patches in this quarter’s CPU. Please refer to the October 2024 advisory for full details.

Identifying affected systems

A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released. This link uses a search filter to ensure that all matching plugin coverage will appear as it is released.

Get more information

Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

Tenable Security Response Team

Tenable Security Response Team

The Tenable Security Response Team (SRT) tracks threat and vulnerability intelligence feeds to ensure our research teams can deliver sensor coverage to our products as quickly as possible. The SRT also works to analyze and assess technical details and writes white papers, blogs and additional communications to ensure stakeholders are fully informed of the latest risks and threats. The SRT provides breakdowns for the latest vulnerabilities on the Tenable blog.

Related Articles

Tenable Ranked #1 in the Device Vulnerability Management Market for the Sixth Consecutive Year in IDC's Market Shares Report

October 10, 2024

The research firm’s latest report also provides advice for technology suppliers that they can use to improve their vulnerability management strategy.

Brittany Isaacs

Brittany Isaacs

Microsoft’s October 2024 Patch Tuesday Addresses 117 CVEs (CVE-2024-43572, CVE-2024-43573)

October 8, 2024

Microsoft addresses 117 CVEs with three rated as critical and four zero-day vulnerabilities, two of which were exploited in the wild.

Tenable Security Response Team

Tenable Security Response Team

Managing OT and IT Risk: What Cybersecurity Leaders Need to Know

October 7, 2024

Security leaders face the challenge of managing a vast, interconnected attack surface, where traditional approaches to managing cyber risk are no longer sufficient. Modern threats exploit vulnerabilities across domains, requiring a more holistic approach to avoid operational disruption, safety risks and financial losses.

Team Tenable

Team Tenable

Oracle October 2024 Critical Patch Update Addresses 198 CVEs

October 15, 2024

Oracle addresses 198 CVEs in its fourth quarterly update of 2024 with 334 patches, including 35 critical updates.

Tenable Security Response Team

Tenable Security Response Team

Harden Your Cloud Security Posture by Protecting Your Cloud Data and AI Resources

October 15, 2024

Learn how data security posture management (DSPM) and AI security posture management (AI-SPM) can help you address key cloud security challenges.

Liat Hayun

Liat Hayun

Cybersecurity Snapshot: How AI Can Boost Your Cybersecurity Program

October 11, 2024

More security teams are incorporating AI to uplevel their defense strategies and boost productivity. With so much AI buzz, it may be overwhelming to decipher which tools to acquire and how they fit in a modern security strategy. Read on to explore how AI-enabled tools can help enhance your security program in this special edition of the Tenable Cybersecurity Snapshot!

Joan Goodchild

Joan Goodchild

  • Exposure Management
  • Vulnerability Management
  • Exposure Management
  • Vulnerability Management

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Try for free Buy now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Buy Now
Try for free Buy now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Buy Now
Try for free Buy now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Buy Now
Try for free Buy now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for free Contact sales

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a sales representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Request a demo of Tenable Security Center

Please fill out this form with your contact information.

A sales representative will contact you shortly to schedule a demo.

* Field is required

Request a demo of Tenable OT Security

Get the Operational Technology security you need.

Reduce the risk you don’t.

Request a demo of Tenable Identity Exposure

Continuously detect and respond to Active Directory attacks. No agents. No privileges.

On-prem and in the cloud.

Request a demo of Tenable Cloud Security

Exceptional unified cloud security awaits you!

We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.

See
Tenable One
in action

Exposure management for the modern attack surface.

See Tenable Attack Surface Management in action

Know the exposure of every asset on any platform.

Get a demo of Tenable Enclave Security

Please fill out the form with your contact information and a sales representative will contact you shortly to schedule a demo.

Try for free Buy now

Try Tenable Nessus Professional free

Free for 7 days

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
now available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select your license

Buy a multi-year license and save.

Add support and training
Buy Now
Renew an existing license Find a reseller
Try for free Buy now

Try Tenable Nessus Expert free

Free for 7 days.

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select your license

Buy a multi-year license and save more.

Add support and training
Buy Now
Renew an existing license Find a reseller