Lucene search

K
oracleOracleORACLE:CPUOCT2024
HistoryOct 15, 2024 - 12:00 a.m.

Oracle Critical Patch Update Advisory - October 2024

2024-10-1500:00:00
www.oracle.com
35
security patches
oracle code
third party components
cumulative
vulnerabilities
malicious exploit
customer
mos note
product families
security advisories
october 2024

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9

Confidence

High

EPSS

0.963

Percentile

99.6%

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Refer to “Critical Patch Updates, Security Alerts and Bulletins” for information about Oracle Security advisories.

Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.

This Critical Patch Update contains 334 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at October 2024 Critical Patch Update: Executive Summary and Analysis.

Affected configurations

Vulners
Node
oracleapplication_expressRange23.2
OR
oracleapplication_expressRange24.1
OR
oracleapplication_expressRange23.1
OR
oracleblockchain_platformRange21.1.2
OR
oracleessbaseRange21.6
OR
oraclegoldengate_stream_analyticsRange19.1.0.0.0
OR
oraclegoldengate_big_data_and_application_adaptersRange19.1.0.0.0
OR
oraclenosql_databaseRange22.3.45
OR
oraclenosql_databaseRange21.2.71
OR
oraclenosql_databaseRange23.3.33
OR
oraclenosql_databaseRange20.3.40
OR
oraclenosql_databaseRange24.1.17
OR
oraclesecure_backupRange18.1.0.2.0
OR
oraclesecure_backupRange18.1.0.1.0
OR
oraclesql_developerRange23.1.0
OR
oraclecommerce_guided_searchRange11.3.2
OR
oraclecommerce_guided_searchRange11.4.0
OR
oraclecommerce_platformRange11.3.1
OR
oraclecommerce_platformRange11.3.0
OR
oraclecommerce_platformRange11.3.2
OR
oraclecommunications_unified_assuranceRange5.5.0
OR
oraclecommunications_unified_assuranceRange6.0.0
OR
oraclecommunications_convergent_charging_controllerRange12.0.1.0.0
OR
oraclecommunications_convergent_charging_controllerRange15.0.0.0.0
OR
oraclecommunications_convergent_charging_controllerRange6.0.1.0.0
OR
oraclecommunications_ip_service_activatorRange7.4.0
OR
oraclecommunications_ip_service_activatorRange7.5.0
OR
oraclecommunications_messaging_serverRange8.1
OR
oraclecommunications_network_charging_and_controlRange12.0.1.0.0
OR
oraclecommunications_network_charging_and_controlRange15.0.0.0.0
OR
oraclecommunications_network_charging_and_controlRange6.0.1.0.0
OR
oraclecommunications_asapRange7.4.3.0.2
OR
oraclecommunications_order_and_service_managementRange7.4.0
OR
oraclecommunications_order_and_service_managementRange7.5.0
OR
oraclecommunications_order_and_service_managementRange7.4.1
OR
oraclecommunications_cloud_native_core_unified_data_repositoryRange24.2.0
OR
oracleenterprise_communications_brokerRange4.2.0
OR
oracleenterprise_communications_brokerRange4.1.0
OR
oraclesd-wan_awareRange9.0.1.10.0
OR
oraclesd-wan_edgeRange9.1.1.3.0
OR
oraclesd-wan_edgeRange9.1.1.8.0
OR
oraclesd-wan_edgeRange9.1.1.9.0
OR
oraclesd-wan_edgeRange9.1.1.5.0
OR
oraclecommunications_cloud_native_core_binding_support_functionRange23.4.0
OR
oraclecommunications_cloud_native_core_network_repository_functionRange24.2.1
OR
oraclecommunications_cloud_native_core_network_repository_functionRange23.4.4
OR
oraclecommunications_cloud_native_core_policyRange23.4.0
OR
oraclecommunications_cloud_native_core_security_edge_protection_proxyRange24.2.0
OR
oraclecommunications_cloud_native_core_security_edge_protection_proxyRange23.4.2
OR
oraclecommunications_cloud_native_core_service_communication_proxyRange24.2.0
OR
oraclecommunications_cloud_native_core_service_communication_proxyRange24.1.0
OR
oraclecommunications_cloud_native_core_service_communication_proxyRange23.4.0
OR
oraclecommunications_analyticsRange24.2.0
OR
oraclecommunications_analyticsRange24.1.0
OR
oraclecommunications_analyticsRange23.4.0
OR
oraclecommunications_cloud_native_core_automated_test_suiteRange23.4.3
OR
oraclecommunications_cloud_native_core_automated_test_suiteRange24.2.2
OR
oraclecommunications_cloud_native_core_automated_test_suiteRange23.4.4
OR
oraclecommunications_cloud_native_core_automated_test_suiteRange24.1.1
OR
oraclecommunications_cloud_native_core_network_slice_selection_functionRange24.2.0
OR
oraclecommunications_cloud_native_core_policyRange23.4.3
OR
oraclecommunications_cloud_native_core_policyRange24.2.0
OR
oraclecommunications_cloud_native_core_policyRange23.4.2
OR
oraclecommunications_cloud_native_core_consoleRange24.2.0
OR
oraclecommunications_cloud_native_core_consoleRange23.4.2
OR
oraclecommunications_session_route_managerRange9.1.5
OR
oraclecommunications_session_border_controllerRange9.2.0
OR
oraclecommunications_session_border_controllerRange9.1.0
OR
oraclecommunications_session_border_controllerRange9.3.0
OR
oracleenterprise_operations_monitorRange5.2
OR
oracleenterprise_operations_monitorRange5.1
OR
oraclemanagement_cloud_engineRange24.1.0.0.0
OR
oraclecommunications_cloud_native_core_policyRange24.2.0
OR
oraclecommunications_cloud_native_core_policyRange24.1.0
OR
oraclecommunications_operations_monitorRange5.2
OR
oraclecommunications_operations_monitorRange5.1
OR
oraclecommunications_policy_managementRange12.6.1.0.0
OR
oraclecommunications_policy_managementRange15.0.0.0.0
OR
oraclecommunications_user_data_repositoryRange12.11.0
OR
oraclecommunications_user_data_repositoryRange14.0
OR
oraclecommunications_cloud_native_core_network_function_cloud_native_environmentRange24.1.0
OR
oraclecommunications_cloud_native_core_network_function_cloud_native_environmentRange23.4.0
OR
oraclecommunications_lsmsRange14.0.0.1
OR
oraclecommunications_eagle_application_processorRange17.0.1
OR
oraclecommunications_performance_intelligence_centerRange10.4.0.4
OR
oracleadvanced_pricingRange12.2.3
OR
oracleapplications_managerRange12.2.11
OR
oraclecommon_applications_calendarRange12.2.6
OR
oraclepublic_sector_financialsRange12.2.3
OR
oraclelanded_cost_managementRange12.2.12
OR
oraclefield_serviceRange12.2.3
OR
-oracle_financialsRange12.2.3
OR
oracleincentive_compensationRange12.2.3
OR
oraclemanufacturing_execution_system_for_process_manufacturingRange12.2.3
OR
oraclemanufacturing_execution_system_for_process_manufacturingRange12.2.13
OR
oracleproduct_hubRange12.2.3
OR
oraclequotingRange12.2.7
OR
oracleservice_contractsRange12.2.5
OR
oraclesite_hubRange12.2.3
OR
oraclesourcingRange12.2.3
OR
oraclework_in_processRange12.2.3
OR
oracleinstalled_baseRange12.2.3
OR
oracleenterprise_command_center_frameworkRange11
OR
oracleenterprise_manager_base_platformRange13.5.0.0
OR
oracleenterprise_manager_base_platformRange12.2.1.4.0
OR
oracleenterprise_manager_for_peoplesoftRange13.5.1.1.0
OR
oracleapplication_testing_suiteRange13.3.0.1
OR
oraclebanking_cash_managementRange14.7.4.0.0
OR
oraclebanking_cash_managementRange14.7.5.0.0
OR
oraclebanking_supply_chain_financeRange14.7.4.0.0
OR
oraclebanking_supply_chain_financeRange14.7.5.0.0
OR
oraclebanking_apisRange19.2.0.0.0
OR
oraclebanking_apisRange22.1.0.0.0
OR
oraclebanking_apisRange21.1.0.0.0
OR
oraclebanking_apisRange22.2.0.0.0
OR
oraclebanking_digital_experienceRange19.2.0.0.0
OR
oraclebanking_digital_experienceRange22.1.0.0.0
OR
oraclebanking_digital_experienceRange21.1.0.0.0
OR
oraclebanking_digital_experienceRange22.2.0.0.0
OR
oraclefinancial_services_crime_and_compliance_management_studioRange8.1.2.8
OR
oraclefinancial_services_crime_and_compliance_management_studioRange8.1.2.7
OR
oraclebanking_liquidity_managementRange14.7.4.0.0
OR
oraclebanking_liquidity_managementRange14.5.0.12.0
OR
oraclebanking_liquidity_managementRange14.7.0.6.0
OR
oraclebanking_liquidity_managementRange14.7.5.0.0
OR
oraclefinancial_services_revenue_management_and_billingRange4.0.0.0.0
OR
oraclefinancial_services_revenue_management_and_billingRange5.0.0.0.0
OR
oraclefinancial_services_revenue_management_and_billingRange3.0.0.0.0
OR
oraclebanking_corporate_lending_process_managementRange14.5.0.0.0
OR
oraclebanking_corporate_lending_process_managementRange14.6.0.0.0
OR
oraclebanking_corporate_lending_process_managementRange14.4.0.0.0
OR
oraclebanking_corporate_lending_process_managementRange14.7.0.0.0
OR
oraclehospitality_simphonyRange19.1.0
OR
oracleoutside_in_technologyRange8.5.7
OR
oracleweblogic_serverRange12.2.1.4.0
OR
oracleweblogic_serverRange14.1.1.0.0
OR
oraclewebcenter_interactionRange14.1.1.0.0
OR
oracledata_integratorRange12.2.1.4.0
OR
oraclebusiness_activity_monitoringRange12.2.1.4.0
OR
oraclebusiness_process_management_suiteRange12.2.1.4.0
OR
oracleenterprise_data_qualityRange12.2.1.4.0
OR
oracleaccess_managerRange12.2.1.4.0
OR
oraclemiddleware_common_libraries_and_toolsRange12.2.1.4.0
OR
oracleenterprise_manager_for_fusion_middlewareRange12.2.1.4.0
OR
oracleglobal_lifecycle_management_opatchRange12.2.1.4.0
OR
oraclehttp_serverRange12.2.1.4.0
OR
oraclehttp_serverRange14.1.1.0.0
OR
oraclemanaged_file_transferRange12.2.1.4.0
OR
oracleservice_busRange12.2.1.4.0
OR
oraclewebcenter_sitesRange12.2.1.4.0
OR
oraclewebcenter_portalRange12.2.1.4.0
OR
oracleidentity_manager_connectorRange11.1.1.5.0
OR
oracleidentity_manager_connectorRange12.2.1.3.0
OR
oracleenterprise_manager_for_fusion_middlewareRange12.2.1.4.0
OR
oraclebusiness_intelligenceRange7.0.0.0.0enterprise
OR
oraclebusiness_intelligenceRange7.6.0.0.0enterprise
OR
oraclebusiness_intelligenceRange12.2.1.4.0enterprise
OR
oraclebi_publisherRange7.0.0.0.0
OR
oraclebi_publisherRange7.6.0.0.0
OR
oraclebi_publisherRange12.2.1.4.0
OR
oraclehospitality_opera_5Range5.6.26.4
OR
oraclehospitality_opera_5Range5.6.19.19
OR
oraclehospitality_opera_5Range5.6.25.8
OR
oraclehospitality_cruise_shipboard_property_management_systemRange23.1.3
OR
oraclehyperion_financial_managementRange11.2.18.0.000
OR
oraclehyperion_infrastructure_technologyRange11.2.18.0.000
OR
oraclehyperion_bi\+Range11.2.18.0.000
OR
oraclegraalvm_for_jdkRange23
OR
oraclegraalvm_for_jdkRange17.0.12
OR
oraclegraalvm_for_jdkRange21.0.4
OR
oraclejava_seRange8u421
OR
oraclejava_seRange21.3.11
OR
oraclegraalvm_for_jdkRange21.0.4
OR
oraclegraalvm_for_jdkRange23
OR
oraclegraalvm_for_jdkRange8u421
OR
oraclegraalvm_for_jdkRange17.0.12
OR
oraclegraalvm_for_jdkRange11.0.24
OR
oraclegraalvm_for_jdkRange21.3.11
OR
oraclejava_seRange21.0.4
OR
oraclejava_seRange23
OR
oraclejava_seRange8u421
OR
oraclejava_seRange17.0.12
OR
oraclejava_seRange11.0.24
OR
oraclemysql_clusterRange9.0.0
OR
oraclemysql_clusterRange7.6.31
OR
oraclemysql_clusterRange8.4.1
OR
oraclemysql_clusterRange8.0.38
OR
oraclemysql_clusterRange8.0.39
OR
oraclemysql_clusterRange7.5.35
OR
oraclemysql_clusterRange8.4.2
OR
oraclemysql_clusterRange9.0.1
OR
oraclemysql_connectorsRange9.0.0
OR
oraclemysql_connectorsRange8.0.39
OR
oraclemysql_enterprise_backupRange9.0.1
OR
oraclemysql_enterprise_backupRange8.0.39
OR
oraclemysql_enterprise_backupRange8.4.2
OR
oraclemysql_enterprise_monitorRange8.0.39
OR
mysqlmysql_serverRange8.4.1
OR
mysqlmysql_serverRange8.4.0
OR
mysqlmysql_serverRange8.0.38
OR
mysqlmysql_serverRange8.0.39
OR
mysqlmysql_serverRange8.4.2
OR
mysqlmysql_serverRange9.0.1
OR
mysqlmysql_serverRange8.0.35
OR
oraclemysql_workbenchRange8.0.38
OR
-mysql_clientRange9.0.1
OR
-mysql_clientRange8.0.39
OR
-mysql_clientRange8.4.2
OR
oraclepeoplesoft_enterprise_peopletoolsRange8.61
OR
oraclepeoplesoft_enterprise_peopletoolsRange8.59
OR
oraclepeoplesoft_enterprise_peopletoolsRange8.60
OR
oraclepeoplesoft_enterprise_hcm_global_payroll_switzerlandRange9.2.48
OR
oraclepeoplesoft_enterprise_cost_center_common_application_objectsRange9.2
OR
oraclepeoplesoft_enterprise_learning_managementRange9.2
OR
oraclepeoplesoft_enterprise_fin_receivablesRange9.2
OR
oracleretail_eftlinkRange20.0.1
OR
oracleretail_eftlinkRange23.0.0
OR
oracleretail_eftlinkRange22.0.0
OR
oracleretail_eftlinkRange21.0.0
OR
oracleretail_customer_management_and_segmentation_foundationRange19.0.0.10
OR
oraclesiebel_crmRange24.7
OR
oraclesiebel_apps_-_marketingRange24.7
OR
oracleautovue_for_agile_product_lifecycle_managementRange21.1.0
OR
oracleagile_plmRange9.3.6
OR
oraclesolaris_clusterRange4
OR
oracleutilities_frameworkRange4.0.0.3.0
OR
oracleutilities_frameworkRange4.0.0.0.0
OR
oracleutilities_frameworkRange4.3.0.3.0
OR
oracleutilities_frameworkRange4.5.0.0.0
OR
oracleutilities_frameworkRange4.0.0.2.0
OR
oracleutilities_network_management_systemRange2.5.0.1.14
OR
oracleutilities_network_management_systemRange2.5.0.2.8
OR
oracleutilities_network_management_systemRange2.6.0.1.5
OR
oraclevm_virtualboxRange7.0.22
OR
oraclevm_virtualboxRange7.1.2
VendorProductVersionCPE
oracleapplication_express*cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*
oracleblockchain_platform*cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
oracleessbase*cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*
oraclegoldengate_stream_analytics*cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*
oraclegoldengate_big_data_and_application_adapters*cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*
oraclenosql_database*cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*
oraclesecure_backup*cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*
oraclesql_developer*cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*
oraclecommerce_guided_search*cpe:2.3:a:oracle:commerce_guided_search:*:*:*:*:*:*:*:*
oraclecommerce_platform*cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*
Rows per page:
1-10 of 1181

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9

Confidence

High

EPSS

0.963

Percentile

99.6%