Oracle April 2023 Critical Patch Update Addresses 231 CVEs

Oracle April 2023 Critical Patch Update Addresses 231 CVEs

Oracle addresses 231 CVEs in its second quarterly update of 2023 with 433 patches, including 74 critical updates.

Background

On April 18, Oracle released its Critical Patch Update (CPU) for April 2023, the second quarterly update of the year. This CPU contains fixes for 231 CVEs in 433 security updates across 33 Oracle product families. Out of the 433 security updates published this quarter, 17.1% of patches were assigned a critical severity. High severity patches accounted for the bulk of security patches at 44.6%, followed by medium severity patches at 35.8%.

This quarter’s update includes 74 critical patches across 33 CVEs. The chart below details the severity and CVE counts for this quarter’s security updates.

Severity
Issues Patched
CVEs
Critical
74
33
High
193
85
Medium
155
103
Low
11
10
Total
433
231

Analysis

This quarter, the Oracle Commerce product family contained the highest number of patches at 77, accounting for 17.8% of the total patches, followed by Oracle E-Business Suite at 76 patches, which accounted for 17.6% of the total patches.

Of the 433 patches in this update, 80 patches cover 52 CVEs which were identified during the period from 2018 – 2021. Of these, 9 patches address 6 CVEs which were given a CVSSv3 score greater than 9. This means legacy vulnerabilities account for 18.5% of the total patches and 12.2% of critical patches.

A full breakdown of the patches for this quarter can be seen in the following table, which also includes a count of vulnerabilities that can be exploited over a network without authentication.

Oracle Product Family
Number of Patches
Remotely Exploitable without Authentication
Oracle Commerce
77
65
Oracle E-Business Suite
76
59
Oracle Enterprise Manager
49
44
Oracle Java SE
34
11
Oracle MySQL
22
16
Oracle Financial Services Applications
20
12
Oracle TimesTen In-Memory Database
18
13
Oracle Insurance Applications
14
8
Oracle Systems
11
1
Oracle Fusion Middleware
10
3
Oracle Analytics
10
8
Oracle JD Edwards
10
8
Oracle Hyperion
9
9
Oracle iLearning
8
7
Oracle Big Data Spatial and Graph
7
5
Oracle SQL Developer
6
6
Oracle PeopleSoft
6
3
Oracle Siebel CRM
6
0
Oracle Database Server
5
0
Oracle Blockchain Platform
4
4
Oracle Communications Applications
4
3
Oracle Communications
4
0
Oracle Construction and Engineering
4
3
Oracle Supply Chain
4
3
Oracle Hospitality Applications
3
2
Oracle Essbase
2
1
Oracle REST Data Services
2
1
Oracle HealthCare Applications
2
1
Oracle Retail Applications
2
2
Oracle GoldenGate
1
0
Oracle Graph Server and Client
1
0
Oracle NoSQL Database
1
0
Oracle Health Sciences Applications
1
0

Solution

Customers are advised to apply all relevant patches in this quarter’s CPU. Please refer to the April 2023 advisory for full details.

Identifying affected systems

A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released. This link uses a search filter to ensure that all matching plugin coverage will appear as it is released.

Get more information

Oracle Critical Patch Update Advisory – April 2023
Oracle April 2023 Critical Patch Update Risk Matrices
Oracle Advisory to CVE Map

Join Tenable’s Security Response Team on the Tenable Community.

Learn more about https://www.tenable.com/products/tenable-one“>Tenable One, the Exposure Management Platform for the modern attack surface.

   Cyber Exposure Alerts 

​  

More To Explore

We can help improve your Business

Ensure your Organization Assets are well  protected in front of the Cyber Attacks

Delivery Workflow

Register for Free and get your test done withn 24 to 48 hours

See Workflow

Sample Report

Here is a sample report of a Security Testing Engagement

See Sample Report PDF

Work Request

Order your security test and Get Your Report

Get Your Test Report
Generated by Feedzy

1. Client Onboarding

Access to all of Cyber Legion's services is provided through the Web Secure Client Portal. To create a Free account, you can sign up through the portal, or contact the Cyber Legion team and they will set up an account for you.

2. NDA , Agreements & Digital Signature

The integration of Digital Signature in our Web Client Portal allows us to legally sign all necessary documents and agreements, enabling us to carry out security assessments on targeted systems.

3. Submit Work Request

Our pricing structure is adaptable to meet the needs of all clients. By filling out the Work Request Form, you can select from pre-existing services or request a personalized proposal.

The Cyber Legion team will acknowledge your order, set up a project in your account, and proceed with the testing and delivery.

4. Security Testing & Report

We meet agreed upon SLAs and follow security testing framework checklists. Based on our commitment, our team of engineers will utilize all of our tools, automation, and testing capabilities to achieve the objectives.

Within the agreed upon timeframe, you will receive a report on the security test that was conducted, including the results, recommendations, and references for addressing any identified issues.

5. Retesting & Validation of Remediation

We not only identify potential threats, risks, and vulnerabilities, but also provide detailed recommendations for resolution. To ensure complete remediation, we offer complimentary retesting and a range of ongoing security testing options for continued vulnerability detection and verification.