Oracle October 2024 Critical Patch Update Addresses 198 CVEs
Oracle addresses 198 CVEs in its fourth quarterly update of 2024 with 334 patches, including 35 critical updates.
Background
On October 15, Oracle released its Critical Patch Update (CPU) for October 2024, the fourth and final quarterly update of the year. This CPU contains fixes for 198 CVEs in 334 security updates across 28 Oracle product families. Out of the 334 security updates published this quarter, 10.5% of patches were assigned a critical severity. High severity patches accounted for the bulk of security patches at 44.6%, followed by medium severity patches at 39.5%.
This quarter’s update includes 35 critical patches across 16 CVEs.
| Severity | Issues Patched | CVEs |
|---|---|---|
| Critical | 35 | 16 |
| High | 149 | 86 |
| Medium | 132 | 80 |
| Low | 18 | 16 |
| Total | 334 | 198 |
Analysis
This quarter, the Oracle Commerce product family contained the highest number of patches at 100, accounting for 29.9% of the total patches, followed by Oracle Hyperion at 45 patches, which accounted for 13.5% of the total patches.
A full breakdown of the patches for this quarter can be seen in the following table, which also includes a count of vulnerabilities that can be exploited over a network without authentication.
| Oracle Product Family | Number of Patches | Remote Exploit without Authentication |
|---|---|---|
| Oracle Commerce | 100 | 81 |
| Oracle Hyperion | 45 | 12 |
| Oracle Financial Services Applications | 32 | 25 |
| Oracle E-Business Suite | 20 | 15 |
| Oracle Communications Applications | 18 | 1 |
| Oracle SQL Developer | 13 | 10 |
| Oracle Food and Beverage Applications | 12 | 7 |
| Oracle Java SE | 12 | 2 |
| Oracle Secure Backup | 9 | 5 |
| Oracle Hospitality Applications | 8 | 8 |
| Oracle Autonomous Health Framework | 7 | 4 |
| Oracle Communications | 7 | 3 |
| Oracle Siebel CRM | 7 | 5 |
| Oracle Database Server | 6 | 2 |
| Oracle Systems | 5 | 0 |
| Oracle Essbase | 4 | 1 |
| Oracle MySQL | 4 | 4 |
| Oracle Application Express | 3 | 1 |
| Oracle Enterprise Manager | 3 | 3 |
| Oracle Fusion Middleware | 3 | 3 |
| Oracle Analytics | 3 | 1 |
| Oracle Retail Applications | 3 | 3 |
| Oracle Supply Chain | 3 | 3 |
| Oracle Graph Server and Client | 2 | 2 |
| Oracle PeopleSoft | 2 | 2 |
| Oracle Blockchain Platform | 1 | 1 |
| Oracle GoldenGate | 1 | 0 |
| Oracle NoSQL Database | 1 | 1 |
Solution
Customers are advised to apply all relevant patches in this quarter’s CPU. Please refer to the October 2024 advisory for full details.
Identifying affected systems
A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released. This link uses a search filter to ensure that all matching plugin coverage will appear as it is released.
Get more information
- Oracle Critical Patch Update Advisory - October 2024
- Oracle October 2024 Critical Patch Update Risk Matrices
- Oracle Advisory to CVE Map
Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
Tenable Security Response Team
The Tenable Security Response Team (SRT) tracks threat and vulnerability intelligence feeds to ensure our research teams can deliver sensor coverage to our products as quickly as possible. The SRT also works to analyze and assess technical details and writes white papers, blogs and additional communications to ensure stakeholders are fully informed of the latest risks and threats. The SRT provides breakdowns for the latest vulnerabilities on the Tenable blog.Related articles
Frequently Asked Questions About DeepSeek Large Language Model (LLM)
The open-source LLM known as DeepSeek has attracted much attention in recent weeks with the release of DeepSeek V3 and DeepSeek R1, and in this blog, The Tenable Security Response Team answers some of the frequently asked questions (FAQ) about it....
Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391)
Microsoft addresses 55 CVEs with three rated critical and four zero-day vulnerabilities, including two that were exploited in the wild....
Tenable Supercharges Exposure Management with Acquisition of Vulcan Cyber
Vulcan brings more than 100 additional third-party integrations and enhanced remediation workflows to the Tenable One Exposure Management Platform, enabling organizations to prioritize their security risk based on contextualized and enriched intelligence....
- Exposure Management
- Vulnerability Management
- Exposure Management
- Vulnerability Management