Oracle has released its July 2024 Critical Patch Update (CPU), which includes 386 security patches to address approximately 240 vulnerabilities across its products. Among these patches, over 260 focus on unauthenticated, remotely exploitable vulnerabilities, with more than two dozen addressing critical-severity flaws in various Oracle, including but not limited to: Oracle MySQL, Oracle Database Server, Oracle Enterprise Manager for Oracle Database,Oracle E-Business Suite, Oracle Fusion Middleware.

Security Risks

The successful exploitation of these vulnerabilities poses a significant security risk, as remote attackers could potentially exploit them to gain control over the affected system.

For the full list of security updates released by Oracle, please refer to Critical Patch Updates.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and system administrators to:

1. Upgrade, as soon as possible, to the latest supported version of installed software in order to continue receiving technical support and security patches.

2. Before updating or patching, please ensure that you have the latest backup that can easily be restored.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailto rwcsirt@ncsa.gov.rw or call us on 9009.

References

• Oracle Critical Patch Update Advisory - July 2024

• Oracle Critical Patch Updates, Security Alerts and Bulletins