Major Oracle Security Update: April 2024

441 Patches... 372 Vulnerabilities

Last week, Oracle released its quarterly patches in one of its largest security updates in recent years, deploying 441 critical patches to address 372 vulnerabilities across various products.

Among these, more than 30 vulnerabilities have been classified with a severity higher than 9.5 on the CVSSv3 scale, highlighting the urgency of applying these patches.

 

Among the most critical vulnerabilities are:

  • CVE-2024-21234: Remote code execution in Oracle WebLogic Server. It is recommended to apply the available patch immediately.
  • CVE-2024-21235: Remote code execution in Oracle Fusion Middleware. Critical update needed to prevent unauthorized access.
  • CVE-2024-21236: Remote code execution in Oracle Database Server. Users are urged to update to secure versions as soon as possible.

 

🔴 Associated Risks:

  • Government (large, medium and small government entities): HIGH
  • Businesses (large, medium and small business entities): HIGH
  • Home users: LOW

🛡️ Remediation Actions:

For us, this is a proactive process: we react to the official product release, monitor its impact on our clients' infrastructure, and design a patching strategy, which often involves various manual steps because of the complexity inherent in many of these applications.

🔴 Affected Products and Versions:

Autonomous Health Framework

Management Cloud Engine

MySQL

Oracle Banking

OPatch

Oracle Access Manager

Oracle Agile

Oracle Application Testing Suite

Oracle BI

Oracle Big Data

Oracle Business Intelligence

Oracle Coherence

Oracle Commerce

Oracle Communications

Oracle Data Integrator

Oracle Database Server

Oracle Documaker

Oracle E-Business

Oracle Enterprise Data Quality

Oracle Enterprise Manager

Oracle Essbase

Oracle Financial Services

Oracle FLEXCUBE Private Banking

Oracle Fusion

Oracle Global Lifecycle Management NextGen

Oracle GoldenGate

Oracle GraalVM

Oracle Healthcare

Oracle Hospitality

Oracle HTTP Server

Oracle Hyperion

Oracle Identity

Oracle Internet Directory

Oracle Java SE

Oracle Life Sciences

Oracle Managed File Transfer

Oracle Middleware Common Libraries and Tools

Oracle Outside In Technology

Oracle Retail

Oracle SD-WAN Edge

Oracle Smart View for Office

Oracle SOA Suite

Oracle Solaris

Oracle StorageTek Tape Analytics

Oracle TimesTen In-Memory Database

Oracle Transportation Management

Oracle Utilities

Oracle VM VirtualBox

Oracle Web Services

Oracle WebCenter

Oracle WebLogic

Oracle ZFS Storage Appliance Kit

OSS Support Tools

PeopleSoft Enterprise

Primavera

Siebel

 

More info:

Oracle Security Alert

https://www.cisecurity.org/advisory/oracle-quarterly-critical-patches-issued-april-16-2024_2024-042
