Summary
Oracle has released the January Critical Patch Update that describes 389 vulnerabilities across multiple products, 18 of which are rated “critical.” Some of these vulnerabilities could be exploited to perform unauthorized operations or compromise service availability on target systems.
Note (updated 2/25/2025): The CVE-2024-20953 vulnerability is being actively exploited in the wild.
Note (updated 2/6/2024): A Proof of Concept (PoC) for the exploitation of the CVE-2024-20931 vulnerability is available online.
Risk
Vulnerability Impact Estimated on the Target Community: Medium (62.3)
Type
- Data Manipulation
- Denial of Service
- Elevation of Privilege
- Information Disclosure
- Remote Code Execution
- Security Restriction Bypass
Affected Products and Versions
Oracle
- Analytics
- Audit Vault and Database Firewall
- Big Data Spatial and Graph
- Commerce
- Communications
- Communications Applications
- Construction and Engineering
- Database Server
- E-Business Suite
- Enterprise Manager
- Essbase
- Financial Services Applications
- Fusion Middleware
- Global Lifecycle Management
- GoldenGate
- Graph Server and Client
- Hyperion
- Java SE
- JD Edwards
- MySQL
- NoSQL Database
- PeopleSoft
- REST Data Services
- Retail Applications
- Secure Backup
- Siebel CRM
- SQL Developer
- Supply Chain
- Systems
- TimesTen In-Memory Database
- Utilities Applications
Mitigation actions
In line with vendor statements, it is recommended to update the affected products to the latest available version.
For more information on the affected products and how to remediate them, refer to the security bulletin listed in the References section.
Below are only the CVEs related to vulnerabilities with a “critical” severity:
References
https://www.oracle.com/security-alerts/cpujan2024.html
https://www.oracle.com/security-alerts/cpujan2024verbose.html
1 This estimate takes into account several parameters, including CVSS, the availability of patches/workarounds and PoC, and the prevalence of the affected software/devices in the reference community.