Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Oracle October 2024 Critical Patch Update Addresses 198 CVEs

A blue background with the logo for Tenable Research located at the top center. Underneath it is a green, rectangular box with arrows pointing out at the top left and bottom right of the rectangle. Inside the box the word "ORACLE" is located at the top center in bold text, with the words "CRITICAL PATCH UPDATE" underneath it. This blog highlights the fourth Critical Patch Update (CPU) of 2024, Oracle's fourth and final quarterly update for the year.

Oracle addresses 198 CVEs in its fourth quarterly update of 2024 with 334 patches, including 35 critical updates.

Background

On October 15, Oracle released its Critical Patch Update (CPU) for October 2024, the fourth and final quarterly update of the year. This CPU contains fixes for 198 CVEs in 334 security updates across 28 Oracle product families. Out of the 334 security updates published this quarter, 10.5% of patches were assigned a critical severity. High severity patches accounted for the bulk of security patches at 44.6%, followed by medium severity patches at 39.5%.

A  pie chart with a hole in the center featuring metrics associated with the Oracle Critical Patch Update (CPU) for October 2024 showing a breakdown of security patches from Critical (35, High (149), Medium (132)  and Low (18).

This quarter’s update includes 35 critical patches across 16 CVEs.

SeverityIssues PatchedCVEs
Critical3516
High14986
Medium13280
Low1816
Total334198

Analysis

This quarter, the Oracle Commerce product family contained the highest number of patches at 100, accounting for 29.9% of the total patches, followed by Oracle Hyperion at 45 patches, which accounted for 13.5% of the total patches.

A full breakdown of the patches for this quarter can be seen in the following table, which also includes a count of vulnerabilities that can be exploited over a network without authentication.

Oracle Product FamilyNumber of PatchesRemote Exploit without Authentication
Oracle Commerce10081
Oracle Hyperion4512
Oracle Financial Services Applications3225
Oracle E-Business Suite2015
Oracle Communications Applications181
Oracle SQL Developer1310
Oracle Food and Beverage Applications127
Oracle Java SE122
Oracle Secure Backup95
Oracle Hospitality Applications88
Oracle Autonomous Health Framework74
Oracle Communications73
Oracle Siebel CRM75
Oracle Database Server62
Oracle Systems50
Oracle Essbase41
Oracle MySQL44
Oracle Application Express31
Oracle Enterprise Manager33
Oracle Fusion Middleware33
Oracle Analytics31
Oracle Retail Applications33
Oracle Supply Chain33
Oracle Graph Server and Client22
Oracle PeopleSoft22
Oracle Blockchain Platform11
Oracle GoldenGate10
Oracle NoSQL Database11

Solution

Customers are advised to apply all relevant patches in this quarter’s CPU. Please refer to the October 2024 advisory for full details.

Identifying affected systems

A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released. This link uses a search filter to ensure that all matching plugin coverage will appear as it is released.

Get more information

Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.