- 206/2024
- Critical
Oracle released its critical patch updates for July 2024, containing (386) new security patches for multiple affected products in Oracle code and third-party components.
The addressed vulnerabilities could allow the attacker to perform various attacks such as obtaining sensitive information, performing denial of service attacks, bypassing security restrictions, data manipulation (view, modify, add, delete), executing arbitrary code, and gaining access to the affected systems.
Sample of the addressed vulnerabilities:
1. Oracle WebLogic Server Code Execution Vulnerability (CVE-2024-21181):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Oracle Enterprise Asset Management Code Injection Vulnerability (CVE-2024-21149):
- CVSS: 8.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Data Manipulation
Sample of the affected products:
- Oracle Analytics Desktop.
- Oracle Application Testing Suite.
- Oracle Banking Credit Facilities Process Management.
- Oracle Banking Platform.
- Oracle Enterprise Manager.
- Oracle Banking Deposits and Lines of Credit Servicing.
- Oracle Financial Services Behavior Detection Platform.
- Oracle WebLogic Server.
The complete list of the affected products: Oracle Advisory – July 2024
Vulnerabilities
Mitigations
Mitigation sectionThe enterprise should deploy this patch as soon as the testing phase is completed.