Connect with us

Hi, what are you looking for?



Oracle Patches 230 Vulnerabilities With April 2024 CPU

Oracle releases 441 new security patches to address 230 vulnerabilities as part of its April 2024 Critical Patch Update.


Oracle on Tuesday announced 441 new security patches as part of its April 2024 Critical Patch Update. More than 200 of them address flaws that can be exploited by remote, unauthenticated attackers.

SecurityWeek has identified roughly 230 unique CVEs in Oracle’s April 2024 CPU. More than 30 security patches address critical-severity vulnerabilities.

Oracle Communications received the largest number of security patches this month, at 93. Of these, 71 address bugs that are remotely exploitable, without authentication.

Next in line are Fusion Middleware (51 security patches – 35 addressing remotely exploitable, unauthenticated issues), Financial Services Applications (49 – 30), and E-Business Suite (47 – 43).

Numerous patches were also released for MySQL (36 patches – 9 for vulnerabilities exploitable remotely, without authentication), Systems (22 – 16), Communications Applications (14 – 10), Java SE (13 – 10), Virtualization (13 – 1), Analytics (12 – 5), Enterprise Manager (11 – 7), PeopleSoft (10 – 5), and Retail Applications (10 – 9).

Other Oracle products that received security patches this month include Database Server, Commerce, Construction and Engineering, Insurance Applications, Supply Chain, Support Tools, Food and Beverage Applications, HealthCare Applications, Utilities Applications, Hyperion, Hospitality Applications, Health Sciences Applications, Autonomous Health Framework, Big Data Spatial and Graph, Global Lifecycle Management, and GoldenGate.

The patches for some of these applications address additional security defects as well and some of them resolve multiple non-exploitable flaws. Oracle has released separate fixes for vulnerabilities that impact multiple applications.

Oracle customers are advised to apply the patches as soon as possible.

Advertisement. Scroll to continue reading.

“It has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay,” the tech giant notes.

On Tuesday, Oracle also announced the release of 13 new security patches for third-party components in the Solaris operating system, 71 new patches for Oracle Linux, and 3 new security patches for the Oracle VM Server for x86.

Related: Oracle Patches 200 Vulnerabilities With January 2024 CPU

Related: Oracle Patches 185 Vulnerabilities With October 2023 CPU

Related: Oracle Releases 508 New Security Patches With July 2023 CPU

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.


People on the Move

Fastly announced that Scott Lovett will join the company as Chief Revenue Officer, effective June 3, 2024.

Digital transformation consulting firm Synechron has hired Aaron Momin as CISO.

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

More People On The Move

Expert Insights