Oracle protects applications against possible attacks with 318 security updates
Attackers can exploit many vulnerabilities in Oracle Financial Services, MySQL and WebLogic Server, among others.
Security vulnerabilities in Oracle products put users at risk.
Admins of companies with Oracle applications should promptly install the security updates that are now available. Otherwise, in the worst case, attackers can completely compromise systems.
Attacks may be imminent
In a report on its quarterly Critical Patch Update, the software developer writes that it has released a total of 318 security updates. To prevent possible attacks, Oracle advises users to update quickly. So far, there are no reports of attacks already underway. Admins should also ensure that the patches from previous quarterly updates are installed.
If you look at the affected applications listed in Oracle's warning notice, the majority of the software portfolio is vulnerable. These include, for example, Agile Engineering Data Management, Cloud Native Core Automated Test Suite and Identity Manager.
Dangerous security vulnerabilities
Attackers can target a “critical” vulnerability (CVE-2024-37371) in the Kerberos component of Communications Billing and Revenue Management. Attacks are said to be possible remotely. It is not clear from the description what attackers can actually do after a successful attack. It reads as if an attack leads to memory errors, which are usually the basis for the execution of malicious code.
Another “critical” vulnerability (CVE-2023-46604) threatens Communications Diameter Signaling Routers. Here, remote attackers can execute their own code. Admins should study Oracle's post carefully to find the security updates that apply to them.
Oracle is planning the next quarterly update for April 15, 2025. If attacks occur in the meantime, the software manufacturer usually publishes emergency updates.
(des)