Oracle Releases Biggest Security Update in 2024 – 372 Vulnerabilities Are Fixed – Update Now!

Oracle has released its April 2024 Critical Patch Update (CPU), addressing 372 security vulnerabilities across multiple Oracle products. This comprehensive update fixes critical flaws that could allow remote code execution, data manipulation, and unauthorized access to systems.

Affected Products and Patches

Oracle strongly recommends that users apply the necessary patches as soon as possible to mitigate the risk of potential attacks. The affected products include:

  • Oracle Database
  • Oracle Fusion Middleware
  • Oracle PeopleSoft
  • Oracle Siebel CRM
  • Oracle Java SE
  • Oracle MySQL
  • Oracle Retail Applications
  • Oracle Financial Services Applications

Users can access the patch updates and detailed information about the vulnerabilities through the Oracle Support port

Key Highlights

  • The April 2024 CPU resolves 372 security vulnerabilities in Oracle products.
  • 34 vulnerabilities are classified as “Critical,” with a CVSS score of 9.8 or higher.
  • The affected products include Oracle Database, Fusion Middleware, PeopleSoft, Siebel CRM, and Java SE.

Critical Vulnerabilities with 9.8 CVSS Score

The update addresses several critical vulnerabilities with a CVSS score of 9.8, indicating the highest level of severity. These include:

CVE-2024-21234 – Oracle WebLogic Server Remote Code Execution Vulnerability

  • Description: Allows remote attackers to execute arbitrary code on vulnerable Oracle WebLogic Server installations.
  • CVSS Score: 9.8 (Critical)
  • Affected Products: Oracle WebLogic Server versions 12.2.1.4 and earlier.
  • Recommendation: Apply the available patch or upgrade to a version that includes the fix.

CVE-2024-21235 – Oracle Fusion Middleware Remote Code Execution Vulnerability

  • Description: Allows remote attackers to execute arbitrary code on vulnerable Oracle Fusion Middleware installations.
  • CVSS Score: 9.8 (Critical)
  • Affected Products: Oracle Fusion Middleware versions 12.2.1.4 and earlier.
  • Recommendation: Apply the available patch or upgrade to a version that includes the fix.

CVE-2024-21236 – Oracle Database Server Remote Code Execution Vulnerability

  • Description: Allows remote attackers to execute arbitrary code on vulnerable Oracle Database Server installations.
  • CVSS Score: 9.8 (Critical)
  • Affected Products: Oracle Database Server versions 19c and earlier.
  • Recommendation: Apply the available patch or upgrade to a version that includes the fix.
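As an added example (not from the article or from Oracle), the Python script below triages a constructed asset inventory against the "and earlier" version bounds quoted above for the three critical CVEs; the product keys, hostnames and version strings are assumptions made for the illustration.

```python
from __future__ import annotations
import csv
import io

# Upper bounds as stated in the article ("X and earlier"), keyed to the CVE
# ids the article lists. Oracle's "19c" is handled as major version 19.
AFFECTED = {
    "weblogic":          ("CVE-2024-21234", (12, 2, 1, 4)),
    "fusion-middleware": ("CVE-2024-21235", (12, 2, 1, 4)),
    "database":          ("CVE-2024-21236", (19,)),
}

# Constructed inventory for the example; not real hosts.
INVENTORY = """\
host,product,version
app01,weblogic,12.2.1.4.0
app02,weblogic,14.1.1.0.0
db01,database,19.21.0.0
db02,database,21c
mw01,fusion-middleware,12.2.1.3.0
"""

def parse_version(text: str) -> tuple[int, ...]:
    """'12.2.1.4.0' -> (12, 2, 1, 4, 0); '19c' -> (19,)."""
    text = text.strip().lower()
    if text.endswith("c") and text[:-1].isdigit():
        return (int(text[:-1]),)
    return tuple(int(part) for part in text.split("."))

def is_affected(product: str, version: str) -> bool:
    """True when the version is at or below the article's bound. Only as many
    components as the bound names are compared, so 12.2.1.4.x with any
    trailing patch-set digit still counts as within the affected range."""
    _, bound = AFFECTED[product]
    return parse_version(version)[: len(bound)] <= bound

def triage(inventory_csv: str) -> list[tuple[str, str]]:
    """Return (host, cve) pairs for assets inside an affected version range.
    A version check only flags candidates: CPU patches applied with OPatch do
    not change the product version, so confirm with `opatch lsinventory`
    before closing or escalating a finding."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        product = row["product"]
        if product in AFFECTED and is_affected(product, row["version"]):
            findings.append((row["host"], AFFECTED[product][0]))
    return findings

if __name__ == "__main__":
    for host, cve in triage(INVENTORY):
        print(f"{host}: version in range for {cve}, verify patch level")
```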

Addressing a Diverse Range of Vulnerabilities

The 372 vulnerabilities addressed in this CPU cover a diverse range of security issues, including:

Database Security Enhancements

The update includes fixes for several vulnerabilities in the Oracle Database, including issues related to SQL injection, privilege escalation, and denial-of-service attacks.

Middleware Vulnerability Resolutions

The CPU also addresses vulnerabilities in Oracle’s Fusion Middleware suite, which includes components such as WebLogic Server, Oracle Identity and Access Management, and Oracle SOA Suite.

Application-Specific Patches

The update includes security patches for various Oracle enterprise applications, including Oracle E-Business Suite, PeopleSoft, and JD Edwards EnterpriseOne.

Apply the Patch Immediately

Oracle strongly recommends that its customers apply these security patches as soon as possible to mitigate the risks associated with the identified vulnerabilities. Delaying the implementation of these updates can leave organizations vulnerable to potential cyber attacks, which can have severe consequences, including data breaches, system disruptions, and financial losses.

Customers are advised to refer to the Oracle Security Alert Advisory for more information on the specific vulnerabilities addressed and the recommended actions for deployment.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
