With its quarterly security updates, Oracle is once again securing its own software portfolio with 334 software patches.

Oracle's Critical Patch Update for October is here. The software manufacturer releases security patches every quarter. The developers have closed dangerous vulnerabilities in Banking Cash Management, E-Business Suite and VM VirtualBox, among others.

List of affected software

Admins can find the list of affected software here to find all patches they need and install them quickly. There are no indications of attacks already underway in the list. Nevertheless, admins should act quickly. They should also ensure that the patches from previous quarterly updates are installed. The majority of the vulnerabilities were discovered by external security researchers and reported to Oracle.

Critical security vulnerabilities affect, among others, Commerce Guided Search (CVE-2022-46337), Communications Unified Assurance (CVE-2024-45492) and Outside In Technology (CVE-2024-21216). At these locations, remote attackers can execute malicious code, among other things, without authentication. Oracle does not explain how this might work in detail.

Many vulnerabilities are classified as high threat level. In some of these cases, malicious code can also get onto systems and compromise computers. This affects Applications Manager, Banking Cash Management and Communications Cloud Native Core Policy, for example.