Oracle addresses 198 CVEs in its fourth quarterly update of 2024 with 334 patches, including 35 critical updates.
On October 15, Oracle released its Critical Patch Update (CPU) for October 2024, the fourth and final quarterly update of the year. This CPU contains fixes for 198 CVEs in 334 security updates across 28 Oracle product families. Out of the 334 security updates published this quarter, 10.5% of patches were assigned a critical severity. High severity patches accounted for the bulk of security patches at 44.6%, followed by medium severity patches at 39.5%.
This quarter’s update includes 35 critical patches across 16 CVEs.
Severity | Issues Patched | CVEs |
---|---|---|
Critical | 35 | 16 |
High | 149 | 86 |
Medium | 132 | 80 |
Low | 18 | 16 |
Total | 334 | 198 |
This quarter, the Oracle Commerce product family contained the highest number of patches at 100, accounting for 29.9% of the total patches, followed by Oracle Hyperion at 45 patches, which accounted for 13.5% of the total patches.
A full breakdown of the patches for this quarter can be seen in the following table, which also includes a count of vulnerabilities that can be exploited over a network without authentication.
Oracle Product Family | Number of Patches | Remote Exploit without Authentication |
---|---|---|
Oracle Commerce | 100 | 81 |
Oracle Hyperion | 45 | 12 |
Oracle Financial Services Applications | 32 | 25 |
Oracle E-Business Suite | 20 | 15 |
Oracle Communications Applications | 18 | 1 |
Oracle SQL Developer | 13 | 10 |
Oracle Food and Beverage Applications | 12 | 7 |
Oracle Java SE | 12 | 2 |
Oracle Secure Backup | 9 | 5 |
Oracle Hospitality Applications | 8 | 8 |
Oracle Autonomous Health Framework | 7 | 4 |
Oracle Communications | 7 | 3 |
Oracle Siebel CRM | 7 | 5 |
Oracle Database Server | 6 | 2 |
Oracle Systems | 5 | 0 |
Oracle Essbase | 4 | 1 |
Oracle MySQL | 4 | 4 |
Oracle Application Express | 3 | 1 |
Oracle Enterprise Manager | 3 | 3 |
Oracle Fusion Middleware | 3 | 3 |
Oracle Analytics | 3 | 1 |
Oracle Retail Applications | 3 | 3 |
Oracle Supply Chain | 3 | 3 |
Oracle Graph Server and Client | 2 | 2 |
Oracle PeopleSoft | 2 | 2 |
Oracle Blockchain Platform | 1 | 1 |
Oracle GoldenGate | 1 | 0 |
Oracle NoSQL Database | 1 | 1 |
Customers are advised to apply all relevant patches in this quarter’s CPU. Please refer to the October 2024 advisory for full details.
A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released. This link uses a search filter to ensure that all matching plugin coverage will appear as it is released.
Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
The Tenable Security Response Team (SRT) tracks threat and vulnerability intelligence feeds to ensure our research teams can deliver sensor coverage to our products as quickly as possible. The SRT also works to analyze and assess technical details and writes white papers, blogs and additional communications to ensure stakeholders are fully informed of the latest risks and threats. The SRT provides breakdowns for the latest vulnerabilities on the Tenable blog.
Enter your email and never miss timely alerts and security guidance from the experts at Tenable.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.
Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
100 assets
Choose your subscription option:
Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.
Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
100 assets
Choose your subscription option:
Thank you for your interest in Tenable.io. A representative will be in touch soon.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.
Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
100 assets
Choose your subscription option:
Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.
Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.
Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.
Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.
Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.
Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.
Contact a sales representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.
Thank you for your interest in Tenable Lumin. A representative will be in touch soon.
Please fill out this form with your contact information.
A sales representative will contact you shortly to schedule a demo.
* Field is required
Get the Operational Technology security you need.
Reduce the risk you don’t.
Continuously detect and respond to Active Directory attacks. No agents. No privileges.
On-prem and in the cloud.
Exceptional unified cloud security awaits you!
We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.
Exposure management for the modern attack surface.
Know the exposure of every asset on any platform.
Please fill out the form with your contact information and a sales representative will contact you shortly to schedule a demo.
Thank you for your interest in Tenable Enclave Security. A representative will be in touch soon.
Free for 7 days
Tenable Nessus is the most comprehensive vulnerability scanner on the market today.
Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.
Fill out the form below to continue with a Nessus Pro trial.
Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.
Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.
Free for 7 days.
Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.
Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.
Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.
Tenable solutions help fulfill all SLCGP requirements. Connect with a Tenable representative to learn more.