Oracle's Critical Patch Update January 2024
What does it mean for you?
Oracle has released its quarterly Critical Patch Update for January 2024, which contains 389 new security patches.
This quarter, 297 of these vulnerabilities are in third-party (typically open-source) components that ship as part of the Oracle distribution and are therefore common across multiple products. Of these, 214 are rated either high (7-8.9) or critical (9.0-10) by CVSS score.
We've listed below the products affected, the number of vulnerabilities found in each, and the highest CVSS score, which indicates the overall risk posed by the vulnerabilities in your environment.
Why should I apply the Critical Patch Update now?
If you're using any of the products in this list, it's important that you address the vulnerabilities in your estate to maintain the security of your hardware and applications. If you don't apply new Oracle patches, your system could be left vulnerable to cyber-attack or other security threats.
Inoapps' team of technology experts regularly works with customers to ensure their systems remain protected. If, after reading this, you have questions and need support, contact us!
- Oracle Middleware
Oracle has identified 39 new vulnerabilities, 29 of which can be exploited remotely without authentication, with a highest score of 9.8 (CRITICAL).
As always, Inoapps considers this a priority for customers, given the web-facing aspect of deployments and the fact that Fusion Middleware underpins many other products.
3 new vulnerabilities patched, with a highest score of 6.5
- Oracle Essbase
3 new vulnerabilities, with a highest score of 9.8 (CRITICAL)
- Oracle Hyperion
11 new vulnerabilities, with a highest score of 9.8 (CRITICAL)
4 new vulnerabilities, with a highest score of 7.5
- Oracle E-Business Suite
19 new vulnerabilities, with a highest score of 6.5
- Oracle Enterprise Manager
12 new vulnerabilities, with a highest score of 8.3
It's vital that you stay on top of Critical Patch Updates, as these patch sets are cumulative. This list only includes NEW vulnerabilities patched since the last quarterly update; if you have not applied prior patch sets, you will also need to consider the vulnerabilities those patch sets resolve.
Whenever a new Critical Patch Update is released, Inoapps' technology consultants are ready to analyze your organization's systems and advise on the best way to implement new updates.
Contact us today for help with patching or securing your estate.