Risk: | high |
Damage: | high |
Platform(s): | Oracle |
Advisory ID: | ngCERT-2024-0014 |
Version: | N/A |
CVE: | CVE-2024-21107, CVE-2024-21118, CVE-2024-21119 |
Published: | April 24, 2024 |
Multiple critical vulnerabilities have been reported in Oracle products. The identified security flaws could allow attackers to remotely execute code, manipulate data, or gain unauthorized access to systems. Notably, security research revealed that over 200 vulnerabilities can be exploited remotely by unauthenticated attackers. Oracle has released its Critical Patch Update (CPU), which includes 441 security patches, with over 200 addressing remotely exploitable flaws. The released updates also include patches for third-party components in Solaris, Oracle Linux, and Oracle VM Server for x86. Users are advised to upgrade their products to the latest versions as recommended.
The critical vulnerabilities discovered in Oracle products could be exploited by cyber criminals to remotely execute code, manipulate data, steal data, or gain unauthorized access to systems. Remote code execution vulnerabilities are flaws in software and systems that allow an attacker to gain unauthorized remote access and run malicious code on a target system. An attacker can then exfiltrate sensitive data, destroy data, or carry out a Denial of Service (DoS) attack. Products fixed in the recent Critical Patch Update include Oracle Database Servers, Oracle Communications Applications, Oracle E-Business Suite, Oracle Enterprise Manager, Oracle banking and financial services platforms, Oracle identity managers, Oracle customers management platforms, Oracle hospitality management platforms, Oracle healthcare management platforms, Oracle database management platforms, and Oracle communications management platforms, amongst many other products (see https://www.oracle.com/security-alerts/cpuapr2024.html).
CVE(s): CVE-2024-21107, CVE-2024-21118, CVE-2024-21119, CVE-2024-21109, CVE-2024-21110, CVE-2024-21116, CVE-2024-21016, CVE-2024-21017, CVE-2024-21018, CVE-2024-21019, CVE-2024-21020, CVE-2024-21021, CVE-2024-21022, CVE-2024-21023, CVE-2024-21024, CVE-2024-21025, CVE-2024-21026, CVE-2024-21027, CVE-2024-21028, CVE-2024-21029, CVE-2024-21030, CVE-2024-21031, CVE-2024-21032, CVE-2024-21033, CVE-2024-21034, CVE-2024-21035, CVE-2024-21036, CVE-2024-21037, CVE-2024-21038, CVE-2024-21039, CVE-2024-21040, CVE-2024-21041, CVE-2024-21042, CVE-2024-21043, CVE-2024-21044, CVE-2024-21045, CVE-2024-21046, CVE-2024-21086, CVE-2024-21120
Successful exploitation of the vulnerabilities could result in:
Due to the threat posed by a successful attack, Oracle strongly recommends that: