Oracle Family Security Update Advisory

Overview

We have released security updates to fix vulnerabilities in the Oracle family of products. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2024-20924, CVE-2024-20909

Oracle Audit Vault and Database Firewall versions 20.1-20.9

CVE-2023-22102

Oracle Communications Cloud Native Core Network Repository Function version 23.3.1

CVE-2024-20916, CVE-2023-1436, CVE-2024-20917

Oracle Enterprise Manager Base Platform version 13.5.0.0

CVE-2023-21901

Oracle Financial Services Analytical Applications Infrastructure versions 8.0.7, 8.0.8, 8.0.9, 8.1.0, 8.1.1, 8.1.2

CVE-2024-20927, CVE-2024-20931

Oracle WebLogic Server versions 12.2.1.4.0, 14.1.1.0.0, 14.1.1.0.0

CVE-2024-20918

Oracle Java SE versions 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1
Oracle GraalVM for JDK versions 17.0.9, 21.0.1
Oracle GraalVM Enterprise Edition versions 20.3.12, 21.3.8, 22.3.4

CVE-2024-20932

Oracle Java SE version 17.0.9
Oracle GraalVM for JDK version 17.0.9
Oracle GraalVM Enterprise Edition versions 21.3.8, 22.3.4

CVE-2024-20952

Oracle Java SE versions 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1
Oracle GraalVM for JDK versions 17.0.9, 21.0.1
Oracle GraalVM Enterprise Edition versions 20.3.12, 21.3.8, 22.3.4

CVE-2024-20953

Oracle Agile PLM version 9.3.6

CVE-2024-20956

Oracle Agile Product Lifecycle Management for Process versions 6.2.4.2 and earlier

Resolved Vulnerabilities

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE that could allow an attacker with network access via multiple protocols to gain unauthorized access to data (CVE-2024-20918)
Vulnerability in the Oracle Enterprise Manager product in Oracle Enterprise Manager that could allow an attacker with network access via HTTP to gain unauthorized access to data (CVE-2024-20917)
Vulnerability in the Oracle WebLogic Server product in Oracle Fusion Middleware that could allow an attacker with network access via HTTP to modify the permissions on accessible data (CVE-2024-20927)
Vulnerability in the MySQL Connectors product in Oracle MySQL that could allow an attacker with network access via multiple protocols to take over MySQL Connectors (CVE-2023-22102)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE that could allow an attacker with network access via multiple protocols to gain unauthorized access to data (CVE-2024-20932)
Vulnerability in the Oracle Enterprise Manager product in Oracle Enterprise Manager that could allow a highly privileged attacker with access to a physical communication segment connected to the hardware on which the Oracle Enterprise Manager Base Platform runs to gain unauthorized access to data (CVE-2024-20916)
Vulnerability in the Oracle Agile Product Lifecycle Management for Process product in Oracle Supply Chain that could allow an attacker with network access via HTTP to gain unauthorized access to data (CVE-2024-20956)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE that could allow an attacker with network access via multiple protocols to gain unauthorized access to data (CVE-2024-20952)
Vulnerabilities in the Oracle Audit Vault and Database Firewall product that could allow an attacker with network access via Oracle Net to take over the product (CVE-2024-20924, CVE-2024-20909)
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product in Oracle Financial Services Applications that could allow an attacker with network access via HTTP to gain unauthorized access to data (CVE-2023-21901)
Vulnerability in the Oracle WebLogic Server product in Oracle Fusion Middleware that could allow an attacker with network access via T3 or IIOP to gain unauthorized access to data (CVE-2024-20931)
Vulnerability in the Oracle Agile PLM product in Oracle Supply Chain in Oracle Fusion Middleware that could allow an attacker with network access via HTTP to take over the product (CVE-2024-20953)

Vulnerability Patches

Vulnerability patches are available in the latest update. For more information on the patches, refer to the documentation listed under Referenced Sites.

Referenced Sites

[1] Oracle Critical Patch Update Advisory – January 2024
https://www.oracle.com/security-alerts/cpujan2024.html