Oracle Family July 2024 Security Update Advisory

Overview

Oracle has released security updates to fix vulnerabilities in its products. Users of affected products are advised to update to the latest version.

 

Affected Products

 

CVE-2024-21184

  • Oracle Database RDBMS Security versions: 19.3 – 19.23

 

CVE-2024-21146

  • Oracle Trade Management versions: 12.2.3 – 12.2.13

 

CVE-2024-21147

  • Oracle Java SE versions: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1
  • Oracle GraalVM for JDK versions: 17.0.11, 21.0.3, 22.0.1
  • Oracle GraalVM Enterprise Edition versions: 20.3.14, 21.3.10

 

CVE-2024-21153

  • Oracle Process Manufacturing Product Development version: 12.2.13

 

CVE-2024-21149

  • Oracle Enterprise Asset Management versions: 12.2.11 – 12.2.13

 

CVE-2024-21183, CVE-2024-21181, CVE-2024-21182, CVE-2024-21175

  • Oracle WebLogic Server versions: 12.2.1.4.0, 14.1.1.0.0

 

CVE-2024-21152

  • Oracle Process Manufacturing Financials versions: 12.2.12 – 12.2.13

 

CVE-2024-21141

  • Oracle VM VirtualBox version: ~ 7.0.20

 

CVE-2024-21167

  • Oracle Trading Community versions: 12.2.3 – 12.2.13

 

CVE-2024-21136

  • Oracle Retail Xstore Office versions: 19.0.5, 20.0.3, 20.0.4, 22.0.0, 23.0.1

 

 

Resolved Vulnerabilities

 

  • Vulnerability that could allow a highly privileged attacker with Execute privilege on SYS.XS_DIAG and network access via Oracle Net to compromise Oracle Database RDBMS Security (CVE-2024-21184)
  • Vulnerability that could allow a low-privileged attacker with network access via HTTP to compromise Oracle Trade Management (CVE-2024-21146)
  • Vulnerability that could allow an unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition (CVE-2024-21147)
  • Vulnerability that could allow a low-privileged attacker with network access via HTTP to compromise Oracle Process Manufacturing Product Development (CVE-2024-21153)
  • Vulnerability that could allow a low-privileged attacker with network access via HTTP to compromise Oracle Enterprise Asset Management (CVE-2024-21149)
  • Vulnerability that could allow an unauthenticated attacker with network access via T3 or IIOP to compromise Oracle WebLogic Server (CVE-2024-21183, CVE-2024-21181, CVE-2024-21182)
  • Vulnerability that could allow an unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server (CVE-2024-21175)
  • Vulnerability that could allow a low-privileged attacker with network access via HTTP to compromise Oracle Process Manufacturing Financials (CVE-2024-21152)
  • Vulnerability that could allow a highly privileged attacker with logon access to the infrastructure where Oracle VM VirtualBox is running to compromise Oracle VM VirtualBox (CVE-2024-21141)
  • Vulnerability that could allow a low-privileged attacker with network access via HTTP to compromise Oracle Trading Community (CVE-2024-21167)
  • Vulnerability that could allow an unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Office (CVE-2024-21136)

 

Vulnerability Patches

Patches for these vulnerabilities have been made available in the latest update. Follow the instructions on the referenced site [1] to update to the latest patched version.

 

 

Referenced Sites

[1] Oracle Critical Patch Update Advisory – July 2024

https://www.oracle.com/security-alerts/cpujul2024.html