www.oracle.com
Open in
urlscan Pro
2a02:26f0:3100:3b3::a15
Public Scan
URL:
https://www.oracle.com/security-alerts/cpuoct2024.html
Submission: On October 14 via api from DE — Scanned from DE
Submission: On October 14 via api from DE — Scanned from DE
Form analysis 1 forms found in the DOM
Name: u30searchForm — GET https://search.oracle.com/results
<form name="u30searchForm" id="u30searchForm" data-contentpaths="/content/Web/Shared/Auto-Suggest Panel Event" method="get" action="https://search.oracle.com/results">
<div class="u30s1">
<button id="u30closesearch" aria-label="Close Search" type="button">
<span>Close Search</span>
<svg width="9" height="14" viewBox="0 0 9 14" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M8 13L2 7L8 1" stroke="#161513" stroke-width="2"></path>
</svg>
</button>
<span class="u30input">
<div class="u30inputw1">
<input id="u30input" name="q" value="" type="text" placeholder="Search" autocomplete="off" aria-autocomplete="both" aria-label="Search Oracle.com" role="combobox" aria-expanded="false" aria-haspopup="listbox" aria-controls="u30searchw3">
</div>
<input type="hidden" name="size" value="10">
<input type="hidden" name="page" value="1">
<input type="hidden" name="tab" value="all">
<span id="u30searchw3title" class="u30visually-hidden">Search Oracle.com</span>
<div id="u30searchw3" data-pagestitle="SUGGESTED LINKS" data-autosuggesttitle="SUGGESTED SEARCHES" data-allresultstxt="All results for" data-allsearchpath="https://search.oracle.com/results?q=u30searchterm&size=10&page=1&tab=all"
role="listbox" aria-labelledby="u30searchw3title" style="margin-left: 0px;">
<ul id="u30quicklinks" class="autocomplete-items" role="group" aria-labelledby="u30quicklinks-title">
<li role="presentation" class="u30auto-title" id="u30quicklinks-title">QUICK LINKS</li>
<li role="option"><a href="/cloud/" data-lbl="quick-links:oci">Oracle Cloud Infrastructure</a>
</li>
<li role=" option"><a href="/applications/" data-lbl="quick-links:applications">Oracle Fusion Cloud Applications</a></li>
<li role="option"><a href="/database/technologies/" data-lbl="quick-links:database">Oracle Database</a></li>
<li role="option"><a href="/java/technologies/downloads/" data-lbl="quick-links:download-java">Download Java</a>
</li>
<li role="option"><a href="/careers/" data-lbl="quick-links:careers">Careers at Oracle</a></li>
</ul>
</div>
<span class="u30submit">
<input class="u30searchbttn" type="submit" value="Submit Search">
</span>
<button id="u30clear" type="reset" aria-label="Clear Search">
<svg width="20" height="20" viewBox="0 0 20 20" aria-hidden="true" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M7 7L13 13M7 13L13 7M19 10C19 14.9706 14.9706 19 10 19C5.02944 19 1 14.9706 1 10C1 5.02944 5.02944 1 10 1C14.9706 1 19 5.02944 19 10Z" stroke="#161513" stroke-width="2"></path>
</svg>
</button>
</span>
</div>
</form>Text Content
* Skip to content * Accessibility Policy * Products * Industries * Resources * Customers * Partners * Developers * Company Close Search Search Oracle.com * QUICK LINKS * Oracle Cloud Infrastructure * Oracle Fusion Cloud Applications * Oracle Database * Download Java * Careers at Oracle Search Country Close Would you like to visit an Oracle country site closer to you? Visit Oracle Germany No thanks, I'll stay here See this page for a different country/region View Accounts Back Cloud Account Sign in to Cloud Sign Up for Free Cloud Tier Oracle Account * Sign-In * Create an Account * Help * Sign Out Contact Sales Menu Menu ORACLE CRITICAL PATCH UPDATE PRE-RELEASE ANNOUNCEMENT - OCTOBER 2024 DESCRIPTION This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for October 2024, which will be released on Tuesday, October 15, 2024. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory. A Critical Patch Update is a collection of patches for multiple security vulnerabilities. This Critical Patch Update addresses 329 new security patches. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update patches as soon as possible. EXECUTIVE SUMMARIES ORACLE DATABASE SERVER EXECUTIVE SUMMARY This Critical Patch Update contains 6 new security patches for Oracle Database Products. 2 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. 1 of these patches is applicable to client-only installations, i.e., installations that do not have the Oracle Database Server installed. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle Database Server is 5.3. The Oracle Database Server components and versions affected by vulnerabilities that are addressed in this Critical Patch Update are: * Oracle Database Server, versions 19.3-19.24, 21.3-21.15, 23.4-23.5 ORACLE APPLICATION EXPRESS EXECUTIVE SUMMARY This Critical Patch Update contains 3 new security patches for Oracle Application Express. 1 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle Application Express is 6.3. The Oracle Application Express products and versions affected by vulnerabilities that are addressed in this Critical Patch Update are: * Oracle Application Express, versions 23.1, 23.2, 24.1 ORACLE BLOCKCHAIN PLATFORM EXECUTIVE SUMMARY This Critical Patch Update contains 7 new security patches for Oracle Blockchain Platform. 4 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle Blockchain Platform is 7.5. The Oracle Blockchain Platform products and versions affected by vulnerabilities that are addressed in this Critical Patch Update are: * Oracle Blockchain Platform, version 21.1.2 ORACLE ESSBASE EXECUTIVE SUMMARY This Critical Patch Update contains 1 new security patch for Oracle Essbase. This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle Essbase is 6.5. The Oracle Essbase products and versions affected by vulnerabilities that are addressed in this Critical Patch Update are: * Oracle Essbase, version 21.6 ORACLE GOLDENGATE EXECUTIVE SUMMARY This Critical Patch Update contains 4 new security patches for Oracle GoldenGate. 1 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle GoldenGate is 5.3. The Oracle GoldenGate products and versions affected by vulnerabilities that are addressed in this Critical Patch Update are: * GoldenGate Stream Analytics, versions 19.1.0.0.0-19.1.0.0.9 * Oracle GoldenGate Big Data and Application Adapters, versions 19.1.0.0.0-19.1.0.0.9 ORACLE NOSQL DATABASE EXECUTIVE SUMMARY This Critical Patch Update contains 1 new security patch for Oracle NoSQL Database. This vulnerability is not remotely exploitable without authentication, i.e., may not be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle NoSQL Database is 4.3. The Oracle NoSQL Database products and versions affected by vulnerabilities that are addressed in this Critical Patch Update are: * Oracle NoSQL Database, versions 20.3.40, 21.2.71, 22.3.45, 23.3.33, 24.1.17 ORACLE SECURE BACKUP EXECUTIVE SUMMARY This Critical Patch Update contains 2 new security patches for Oracle Secure Backup. Both of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle Secure Backup is 7.5. The Oracle Secure Backup products and versions affected by vulnerabilities that are addressed in this Critical Patch Update are: * Oracle Secure Backup, versions 18.1.0.1.0, 18.1.0.2.0 ORACLE SQL DEVELOPER EXECUTIVE SUMMARY This Critical Patch Update contains 1 new security patch for Oracle SQL Developer. This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle SQL Developer is 5.9. The Oracle SQL Developer products and versions affected by vulnerabilities that are addressed in this Critical Patch Update are: * Oracle SQL Developer, version 23.1.0 ORACLE COMMERCE EXECUTIVE SUMMARY This Critical Patch Update contains 9 new security patches for Oracle Commerce. 5 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle Commerce is 9.8. The Oracle Commerce products and versions affected by vulnerabilities that are addressed in this Critical Patch Update are: * Oracle Commerce Guided Search, versions 11.3.2, 11.4.0 * Oracle Commerce Platform, versions 11.3.0, 11.3.1, 11.3.2 ORACLE COMMUNICATIONS APPLICATIONS EXECUTIVE SUMMARY This Critical Patch Update contains 13 new security patches for Oracle Communications Applications. 10 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle Communications Applications is 9.8. The Oracle Communications Applications products and versions affected by vulnerabilities that are addressed in this Critical Patch Update are: * Oracle Communications ASAP, version 7.4.3.0.2 * Oracle Communications Convergent Charging Controller, versions 6.0.1.0.0, 12.0.1.0.0-12.0.6.0.0, 15.0.0.0.0 * Oracle Communications IP Service Activator, versions 7.4.0, 7.5.0 * Oracle Communications Messaging Server, version 8.1 * Oracle Communications Network Charging and Control, versions 6.0.1.0.0, 12.0.1.0.0-12.0.6.0.0, 15.0.0.0.0 * Oracle Communications Order and Service Management, versions 7.4.0, 7.4.1, 7.5.0 * Oracle Communications Unified Assurance, versions 5.5.0-5.5.22, 6.0.0-6.0.5 ORACLE COMMUNICATIONS EXECUTIVE SUMMARY This Critical Patch Update contains 98 new security patches for Oracle Communications. 79 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle Communications is 9.8. The Oracle Communications products and versions affected by vulnerabilities that are addressed in this Critical Patch Update are: * Management Cloud Engine, version 24.1.0.0.0 * Oracle Communications Cloud Native Core Automated Test Suite, versions 23.4.3, 23.4.4, 24.1.1, 24.2.2 * Oracle Communications Cloud Native Core Binding Support Function, versions 23.4.0-23.4.5 * Oracle Communications Cloud Native Core Certificate Management, versions 23.4.2, 23.4.3, 24.2.0 * Oracle Communications Cloud Native Core Console, versions 23.4.2, 24.2.0 * Oracle Communications Cloud Native Core DBTier, versions 24.1.0, 24.2.0 * Oracle Communications Cloud Native Core Network Function Cloud Native Environment, versions 23.4.0, 24.1.0-24.2.0 * Oracle Communications Cloud Native Core Network Repository Function, versions 23.4.4, 24.2.1 * Oracle Communications Cloud Native Core Network Slice Selection Function, version 24.2.0 * Oracle Communications Cloud Native Core Policy, versions 23.4.0-23.4.6 * Oracle Communications Cloud Native Core Security Edge Protection Proxy, versions 23.4.2, 24.2.0 * Oracle Communications Cloud Native Core Service Communication Proxy, versions 23.4.0, 24.1.0, 24.2.0 * Oracle Communications Cloud Native Core Unified Data Repository, version 24.2.0 * Oracle Communications Core Session Manager, version 9.1.5 * Oracle Communications EAGLE Application Processor, version 17.0.1 * Oracle Communications LSMS, version 14.0.0.1 * Oracle Communications Network Analytics Data Director, versions 23.4.0, 24.1.0, 24.2.0 * Oracle Communications Operations Monitor, versions 5.1, 5.2 * Oracle Communications Performance Intelligence Center, versions prior to 10.4.0.4 * Oracle Communications Policy Management, versions 12.6.1.0.0, 15.0.0.0.0 * Oracle Communications Session Border Controller, versions 9.1.0, 9.2.0, 9.3.0 * Oracle Communications User Data Repository, versions 12.11.0, 14.0 * Oracle Enterprise Communications Broker, versions 4.1.0, 4.2.0 * Oracle Enterprise Operations Monitor, versions 5.1, 5.2 * Oracle SD-WAN Aware, version 9.0.1.10.0 * Oracle SD-WAN Edge, versions 9.1.1.3.0, 9.1.1.5.0-9.1.1.8.0, 9.1.1.9.0 ORACLE E-BUSINESS SUITE EXECUTIVE SUMMARY This Critical Patch Update contains 18 new security patches for Oracle E-Business Suite. 1 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle E-Business Suite is 8.1. The Oracle E-Business Suite products and versions affected by vulnerabilities that are addressed in this Critical Patch Update are: * Oracle E-Business Suite, versions 12.2.3-12.2.14, [ECC] 11-13 ORACLE ENTERPRISE MANAGER EXECUTIVE SUMMARY This Critical Patch Update contains 6 new security patches for Oracle Enterprise Manager. 3 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. None of these patches are applicable to client-only installations, i.e., installations that do not have Oracle Enterprise Manager installed. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle Enterprise Manager is 9.8. The Oracle Enterprise Manager products and versions affected by vulnerabilities that are addressed in this Critical Patch Update are: * Oracle Application Testing Suite, version 13.3.0.1 * Oracle Enterprise Manager Base Platform, versions 12.2.1.4.0, 13.5.0.0 ORACLE FINANCIAL SERVICES APPLICATIONS EXECUTIVE SUMMARY This Critical Patch Update contains 19 new security patches for Oracle Financial Services Applications. 14 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle Financial Services Applications is 9.1. The Oracle Financial Services Applications products and versions affected by vulnerabilities that are addressed in this Critical Patch Update are: * Oracle Banking APIs, versions 19.2.0.0.0, 21.1.0.0.0, 22.1.0.0.0, 22.2.0.0.0 * Oracle Banking Cash Management, versions 14.7.4.0.0, 14.7.5.0.0 * Oracle Banking Corporate Lending Process Management, versions 14.4.0.0.0, 14.5.0.0.0, 14.6.0.0.0, 14.7.0.0.0 * Oracle Banking Digital Experience, versions 19.2.0.0.0, 21.1.0.0.0, 22.1.0.0.0, 22.2.0.0.0 * Oracle Banking Liquidity Management, versions 14.5.0.12.0, 14.7.0.6.0, 14.7.4.0.0, 14.7.5.0.0 * Oracle Banking Supply Chain Finance, versions 14.7.4.0.0, 14.7.5.0.0 * Oracle Financial Services Compliance Studio, versions 8.1.2.7, 8.1.2.8 ORACLE FOOD AND BEVERAGE APPLICATIONS EXECUTIVE SUMMARY This Critical Patch Update contains 3 new security patches for Oracle Food and Beverage Applications. All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle Food and Beverage Applications is 7.5. The Oracle Food and Beverage Applications products and versions affected by vulnerabilities that are addressed in this Critical Patch Update are: * Oracle Hospitality Simphony, versions 19.1.0-19.6.2 ORACLE FUSION MIDDLEWARE EXECUTIVE SUMMARY This Critical Patch Update contains 30 new security patches for Oracle Fusion Middleware. 25 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle Fusion Middleware is 9.8. The Oracle Fusion Middleware products and versions affected by vulnerabilities that are addressed in this Critical Patch Update are: * Oracle Access Manager, version 12.2.1.4.0 * Oracle Business Activity Monitoring, version 12.2.1.4.0 * Oracle Business Process Management Suite, version 12.2.1.4.0 * Oracle Enterprise Data Quality, version 12.2.1.4.0 * Oracle Enterprise Manager for Fusion Middleware, version 12.2.1.4.0 * Oracle Enterprise Manager Fusion Middleware Control, version 12.2.1.4.0 * Oracle Global Lifecycle Management FMW Installer, version 12.2.1.4.0 * Oracle HTTP Server, versions 12.2.1.4.0, 14.1.1.0.0 * Oracle Identity Manager Connector, version 12.2.1.3.0 * Oracle Managed File Transfer, version 12.2.1.4.0 * Oracle Middleware Common Libraries and Tools, version 12.2.1.4.0 * Oracle Outside In Technology, version 8.5.7 * Oracle Service Bus, version 12.2.1.4.0 * Oracle WebCenter Forms Recognition, version 14.1.1.0.0 * Oracle WebCenter Portal, version 12.2.1.4.0 * Oracle WebCenter Sites, version 12.2.1.4.0 * Oracle WebLogic Server, versions 12.2.1.4.0, 14.1.1.0.0 ORACLE ANALYTICS EXECUTIVE SUMMARY This Critical Patch Update contains 12 new security patches for Oracle Analytics. 7 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle Analytics is 9.8. The Oracle Analytics products and versions affected by vulnerabilities that are addressed in this Critical Patch Update are: * Oracle BI Publisher, versions 7.0.0.0.0, 7.6.0.0.0, 12.2.1.4.0 * Oracle Business Intelligence Enterprise Edition, versions 7.0.0.0.0, 7.6.0.0.0, 12.2.1.4.0 ORACLE HOSPITALITY APPLICATIONS EXECUTIVE SUMMARY This Critical Patch Update contains 3 new security patches for Oracle Hospitality Applications. All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle Hospitality Applications is 9.0. The Oracle Hospitality Applications products and versions affected by vulnerabilities that are addressed in this Critical Patch Update are: * Oracle Hospitality Cruise Shipboard Property Management System, version 23.1.3 * Oracle Hospitality OPERA 5, versions 5.6.19.19, 5.6.25.8, 5.6.26.4 ORACLE HYPERION EXECUTIVE SUMMARY This Critical Patch Update contains 3 new security patches for Oracle Hyperion. 1 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle Hyperion is 8.1. The Oracle Hyperion products and versions affected by vulnerabilities that are addressed in this Critical Patch Update are: * Oracle Hyperion BI+, version 11.2.18.0.0 * Oracle Hyperion Financial Management, version 11.2.18.0.0 * Oracle Hyperion Infrastructure Technology, version 11.2.18.0.0 ORACLE JAVA SE EXECUTIVE SUMMARY This Critical Patch Update contains 8 new security patches for Oracle Java SE. All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle Java SE is 8.1. The Oracle Java SE products and versions affected by vulnerabilities that are addressed in this Critical Patch Update are: * Oracle GraalVM Enterprise Edition, versions 20.3.15, 21.3.11 * Oracle GraalVM for JDK, versions 17.0.12, 21.0.4, 23 * Oracle Java SE, versions 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23 ORACLE MYSQL EXECUTIVE SUMMARY This Critical Patch Update contains 45 new security patches for Oracle MySQL. 12 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle MySQL is 9.1. The Oracle MySQL products and versions affected by vulnerabilities that are addressed in this Critical Patch Update are: * MySQL Client, versions 8.0.39 and prior, 8.4.2 and prior, 9.0.1 and prior * MySQL Cluster, versions 7.5.35 and prior, 7.6.31 and prior, 8.0.39 and prior, 8.4.2 and prior, 9.0.1 and prior * MySQL Connectors, versions 9.0.0 and prior * MySQL Enterprise Backup, versions 8.0.39 and prior, 8.4.2 and prior, 9.0.1 and prior * MySQL Enterprise Monitor, versions 8.0.39 and prior * MySQL Server, versions 8.0.39 and prior, 8.4.2 and prior, 9.0.1 and prior * MySQL Workbench, versions 8.0.38 and prior ORACLE PEOPLESOFT EXECUTIVE SUMMARY This Critical Patch Update contains 12 new security patches for Oracle PeopleSoft. 2 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle PeopleSoft is 8.8. The Oracle PeopleSoft products and versions affected by vulnerabilities that are addressed in this Critical Patch Update are: * PeopleSoft Enterprise CC Common Application Objects, version 9.2 * PeopleSoft Enterprise ELM Enterprise Learning Management, version 9.2 * PeopleSoft Enterprise FIN Expenses, version 9.2 * PeopleSoft Enterprise HCM Global Payroll Core, versions 9.2.48-9.2.50 * PeopleSoft Enterprise PeopleTools, versions 8.59, 8.60, 8.61 ORACLE RETAIL APPLICATIONS EXECUTIVE SUMMARY This Critical Patch Update contains 4 new security patches for Oracle Retail Applications. All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle Retail Applications is 7.5. The Oracle Retail Applications products and versions affected by vulnerabilities that are addressed in this Critical Patch Update are: * Oracle Retail Customer Management and Segmentation Foundation, version 19.0.0.10 * Oracle Retail EFTLink, versions 20.0.1, 21.0.0, 22.0.0, 23.0.0 ORACLE SIEBEL CRM EXECUTIVE SUMMARY This Critical Patch Update contains 2 new security patches for Oracle Siebel CRM. Both of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle Siebel CRM is 7.5. The Oracle Siebel CRM products and versions affected by vulnerabilities that are addressed in this Critical Patch Update are: * Siebel Applications, versions 24.7 and prior ORACLE SUPPLY CHAIN EXECUTIVE SUMMARY This Critical Patch Update contains 3 new security patches for Oracle Supply Chain. All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle Supply Chain is 8.1. The Oracle Supply Chain products and versions affected by vulnerabilities that are addressed in this Critical Patch Update are: * Oracle Agile PLM, version 9.3.6 * Oracle Autovue for Agile Product Lifecycle Management, version 21.1.0 ORACLE SYSTEMS EXECUTIVE SUMMARY This Critical Patch Update contains 7 new security patches for Oracle Systems. 5 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle Systems is 9.8. The Oracle Systems products and versions affected by vulnerabilities that are addressed in this Critical Patch Update are: * Oracle Solaris Cluster, version 4 ORACLE UTILITIES APPLICATIONS EXECUTIVE SUMMARY This Critical Patch Update contains 4 new security patches for Oracle Utilities Applications. 3 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle Utilities Applications is 7.2. The Oracle Utilities Applications products and versions affected by vulnerabilities that are addressed in this Critical Patch Update are: * Oracle Utilities Application Framework, versions 4.0.0.0.0, 4.0.0.2.0, 4.0.0.3.0, 4.3.0.3.0-4.3.0.6.0, 4.5.0.0.0 * Oracle Utilities Network Management System, versions 2.4.0.1.25, 2.5.0.1.14, 2.5.0.2.8, 2.6.0.1.5 ORACLE VIRTUALIZATION EXECUTIVE SUMMARY This Critical Patch Update contains 5 new security patches for Oracle Virtualization. None of these vulnerabilities may be remotely exploitable without authentication, i.e., none may be exploited over a network without requiring user credentials. The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle Virtualization is 7.5. The Oracle Virtualization products and versions affected by vulnerabilities that are addressed in this Critical Patch Update are: * Oracle VM VirtualBox, versions prior to 7.0.22, prior to 7.1.2 RESOURCES FOR * Careers * Developers * Investors * Partners * Researchers * Students and Educators WHY ORACLE * Analyst Reports * Best cloud-based ERP * Cloud Economics * Social Impact * Culture and Inclusion * Security Practices LEARN * What is cloud computing? * What is CRM? * What is Docker? * What is Kubernetes? * What is Python? * What is SaaS? NEWS AND EVENTS * News * Oracle CloudWorld * Oracle CloudWorld Tour * Oracle Health Summit * Oracle DevLive * Search all events CONTACT US * DE Sales +49 6103 397 003 * US Sales: +1.800.633.0738 * How can we help? * Subscribe to emails * Integrity Helpline -------------------------------------------------------------------------------- * * © 2024 Oracle * Privacy/Do Not Sell My Info * Cookie-Einstellungen * Ad Choices * Careers * * * *