Oracle has released its April 2024 Critical Patch Update (CPU), addressing 372 security vulnerabilities across multiple Oracle products. This comprehensive update fixes critical flaws that could allow remote code execution, data manipulation, and unauthorized access to systems.
Oracle strongly recommends that users apply the necessary patches as soon as possible to mitigate the risk of potential attacks. The affected products include:
Users can access the patch updates and detailed information about the vulnerabilities through the Oracle Support port
Free Live Webinar
.for DIFR/SOC Teams
: Securing the Top 3 SME Cyber Attack Vectors - Register Here
The update addresses several critical vulnerabilities with a CVSS score of 9.8, indicating the highest level of severity. These include:
The 372 vulnerabilities addressed in this CPU cover a diverse range of security issues, including:
The update includes fixes for several vulnerabilities in the Oracle Database, including issues related to SQL injection, privilege escalation, and denial-of-service attacks.
The CPU also addresses vulnerabilities in Oracle’s Fusion Middleware suite, which includes components such as WebLogic Server, Oracle Identity and Access Management, and Oracle SOA Suite.
The update includes security patches for various Oracle enterprise applications, including Oracle E-Business Suite, PeopleSoft, and JD Edwards EnterpriseOne.
Oracle strongly recommends that its customers apply these security patches as soon as possible to mitigate the risks associated with the identified vulnerabilities. Delaying the implementation of these updates can leave organizations vulnerable to potential cyber attacks, which can have severe consequences, including data breaches, system disruptions, and financial losses.
Customers are advised to refer to the Oracle Security Alert Advisory for more information on the specific vulnerabilities addressed and the recommended actions for deployment.
If Are you from SOC and DFIR Teams, Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.
A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing millions…
Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer through…
An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the initial…
A seemingly benign health app, "BMI CalculationVsn," was found on the Amazon App Store, which…
The Lazarus Group has recently employed a sophisticated attack, dubbed "Operation DreamJob," to target employees…
NodeStealer, initially a JavaScript-based malware, has evolved into a more sophisticated Python-based threat that targets…