Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Oracle October 2023 Critical Patch Update Addresses 176 CVEs

Oracle addresses 176 CVEs in its fourth quarterly update of 2023 with 387 patches, including 46 critical updates.

Background

On October 17, Oracle released its Critical Patch Update (CPU) for October 2023, the fourth and final quarterly update of the year. This CPU contains fixes for 176 CVEs in 387 security updates across 30 Oracle product families. Out of the 387 security updates published this quarter, 11.9% of patches were assigned a critical severity. Medium severity patches accounted for the bulk of security patches at 48.8%, followed by high severity patches at 37.5%.

This quarter’s update includes 46 critical patches across 19 CVEs.

Severity Issues Patched CVEs
Critical 46 19
High 145 63
Medium 189 88
Low 7 6
Total 387 176

Analysis

This quarter, the Oracle Construction and Engineering product family contained the highest number of patches at 103, accounting for 26.6% of the total patches, followed by Oracle TimesTen In-Memory Database at 91 patches, which accounted for 23.5% of the total patches.

A full breakdown of the patches for this quarter can be seen in the following table, which also includes a count of vulnerabilities that can be exploited over a network without authentication.

Oracle Product Family Number of Patches Remote Exploit without Auth
Oracle Construction and Engineering 103 49
Oracle TimesTen In-Memory Database 91 60
Oracle E-Business Suite 46 35
Oracle Insurance Applications 37 9
Oracle Enterprise Manager 16 11
Oracle JD Edwards 15 9
Oracle Database Server 10 2
Oracle Secure Backup 9 4
Oracle Essbase 6 3
Oracle REST Data Services 6 5
Oracle Communications 5 5
Oracle Hospitality Applications 5 5
Oracle Java SE 5 3
Oracle Commerce 4 1
Oracle Communications Applications 4 3
Oracle Retail Applications 3 2
Oracle Siebel CRM 3 2
Oracle Supply Chain 3 0
Oracle Financial Services Applications 2 2
Oracle Analytics 2 0
Oracle Health Sciences Applications 2 1
Oracle MySQL 2 2
Oracle Big Data Spatial and Graph 1 1
Oracle Global Lifecycle Management 1 1
Oracle GoldenGate 1 0
Oracle Graph Server and Client 1 0
Oracle Fusion Middleware 1 0
Oracle HealthCare Applications 1 1
Oracle Hyperion 1 1
Oracle PeopleSoft 1 1

Solution

Customers are advised to apply all relevant patches in this quarter’s CPU. Please refer to the October 2023 advisory for full details.

Identifying affected systems

A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released. This link uses a search filter to ensure that all matching plugin coverage will appear as it is released.

Get more information

Join Tenable's Security Response Team on the Tenable Community.

Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface.

Get a free 30-day trial of Tenable.io Vulnerability Management.

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.