Oracle April 2020 Critical Patch Update Includes Record-Breaking 397 Security Updates
Oracle’s second Critical Patch Update of 2020 addresses 450 CVEs across a record-breaking 397 security patches, including critical vulnerabilities in Oracle Fusion Middleware products.
Background
On April 14, Oracle released its Critical Patch Update (CPU) Advisory for April 2020 as part of its quarterly release of security patches. This update contains fixes for 450 CVEs in 397 security patches across multiple Oracle products. This quarter’s update smashes the previous records of 334 patches, with January 2020 and July 2018 in a tie for the previous record.
Analysis
This quarter’s CPU includes more than 30 critically rated CVEs across a wide range of Oracle products. The following is the full list of product families with vulnerabilities addressed in this month’s release along with the number of patches released.
| Oracle Product Family | Number of Patches |
|---|---|
| Oracle E-Business Suite | 74 |
| Oracle Fusion Middleware | 51 |
| Oracle MySQL | 45 |
| Oracle Communications Applications | 39 |
| Oracle Financial Services Applications | 35 |
| Oracle Retail Applications | 27 |
| Oracle Virtualization | 19 |
| Oracle Knowledge | 16 |
| Oracle Java SE | 15 |
| Oracle PeopleSoft | 14 |
| Oracle Construction and Engineering | 12 |
| Oracle Systems | 9 |
| Oracle Database Server | 8 |
| Oracle Enterprise Manager | 7 |
| Oracle GraalVM | 5 |
| Oracle JD Edwards | 4 |
| Oracle Supply Chain | 4 |
| Oracle Hyperion | 3 |
| Oracle Health Sciences Applications | 2 |
| Oracle Support Tools | 2 |
| Oracle Utilities Applications | 2 |
| Oracle Food and Beverage Applications | 1 |
| Oracle Siebel CRM | 1 |
| Oracle Global Lifecycle Management | 1 |
| Oracle Secure Backup | 1 |
Solution
Customers are advised to apply all relevant patches provided by Oracle in this CPU. Please refer to the April 2020 advisory for full details.
Identifying affected systems
A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released.
Get more information
- Oracle Critical Patch Update Advisory - April 2020
- Oracle Advisory to CVE Map
- Oracle April 2020 CPU Risk Matrices
Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface.
Get a free 30-day trial of Tenable.io Vulnerability Management.
Related Articles
Operational Technology in the DoD: Ensuring a Secure and Efficient Power Grid
April 19, 2024In an evolving threat landscape, the DoD must make sure that its mission-critical operations don’t experience power outages.
Strengthening the Nessus Software Supply Chain with SLSA
April 16, 2024You know Tenable as a cybersecurity industry leader whose world-class exposure management products are trusted by our approximately 43,000 customers, including about 60% of the Fortune 500. But sometimes we like to give you a peek behind the curtain to share how we protect our own house against cyberattacks – and that’s what this blog is about. Today we’re sharing our experience adopting the supply-chain security framework SLSA, with the hopes that the lessons we learned will be helpful to you.
Cybersecurity Snapshot: CISA Says Midnight Blizzard Swiped U.S. Gov’t Emails During Microsoft Hack, Tells Fed Agencies To Take Immediate Action
April 12, 2024Check out CISA’s urgent call for federal agencies to protect themselves from Midnight Blizzard’s breach of Microsoft corporate emails. Plus, a new survey shows cybersecurity pros are guardedly optimistic about AI. Meanwhile, SANS pinpoints the four trends CISOs absolutely must focus on this year. And the NSA is sharing best practices for data security. And much more!
CVE-2024-4040: CrushFTP Virtual File System (VFS) Sandbox Escape Vulnerability Exploited
April 23, 2024A zero-day vulnerability in CrushFTP was exploited in the wild against multiple U.S. entities prior to fixed versions becoming available as the vendor recommends customers upgrade as soon as possible.
Operational Technology in the DoD: Ensuring a Secure and Efficient Power Grid
April 19, 2024In an evolving threat landscape, the DoD must make sure that its mission-critical operations don’t experience power outages.
Cybersecurity Snapshot: Cyber Agencies Offer Secure AI Tips, while Stanford Issues In-Depth AI Trends Analysis, Including of AI Security
April 19, 2024Check out recommendations for securing AI systems from the Five Eyes cybersecurity agencies. Plus, Stanford University offers a comprehensive review of AI trends. Meanwhile, a new open-source tool aims to simplify SBOM usage. And don’t miss the latest CIS Benchmarks updates. And much more!
- Vulnerability Management