Oracle April 2020 Critical Patch Update Includes Record-Breaking 397 Security Updates
Oracle’s second Critical Patch Update of 2020 addresses 450 CVEs across a record-breaking 397 security patches, including critical vulnerabilities in Oracle Fusion Middleware products.
背景
On April 14, Oracle released its Critical Patch Update (CPU) Advisory for April 2020 as part of its quarterly release of security patches. This update contains fixes for 450 CVEs in 397 security patches across multiple Oracle products. This quarter’s update smashes the previous records of 334 patches, with January 2020 and July 2018 in a tie for the previous record.
分析
This quarter’s CPU includes more than 30 critically rated CVEs across a wide range of Oracle products. The following is the full list of product families with vulnerabilities addressed in this month’s release along with the number of patches released.
| Oracle Product Family | Number of Patches |
|---|---|
| Oracle E-Business Suite | 74 |
| Oracle Fusion Middleware | 51 |
| Oracle MySQL | 45 |
| Oracle Communications Applications | 39 |
| Oracle Financial Services Applications | 35 |
| Oracle Retail Applications | 27 |
| Oracle Virtualization | 19 |
| Oracle Knowledge | 16 |
| Oracle Java SE | 15 |
| Oracle PeopleSoft | 14 |
| Oracle Construction and Engineering | 12 |
| Oracle Systems | 9 |
| Oracle Database Server | 8 |
| Oracle Enterprise Manager | 7 |
| Oracle GraalVM | 5 |
| Oracle JD Edwards | 4 |
| Oracle Supply Chain | 4 |
| Oracle Hyperion | 3 |
| Oracle Health Sciences Applications | 2 |
| Oracle Support Tools | 2 |
| Oracle Utilities Applications | 2 |
| Oracle Food and Beverage Applications | 1 |
| Oracle Siebel CRM | 1 |
| Oracle Global Lifecycle Management | 1 |
| Oracle Secure Backup | 1 |
解决方案
Customers are advised to apply all relevant patches provided by Oracle in this CPU. Please refer to the April 2020 advisory for full details.
识别受影响的系统
用于识别这些漏洞的 Tenable 插件列表在发布时将显示在此处。
获取更多信息
- Oracle Critical Patch Update Advisory - April 2020
- Oracle Advisory to CVE Map
- Oracle April 2020 CPU Risk Matrices
加入 Tenable Community 中的 Tenable 安全响应团队
了解有关 Tenable 这款首创 Cyber Exposure 平台的更多信息,全面管理现代攻击面。
获取 30 天免费试用版 Tenable.io Vulnerability Management。
Tenable 安全响应团队
Tenable 安全响应团队
Tenable 安全响应团队 (SRT) 会追踪威胁和漏洞情报源,确保研究团队能够迅速对我们的产品进行传感器覆盖。SRT 还致力于分析和评估技术细节,并撰写白皮书、博客和其他通信内容,以确保利益相关方充分了解最新的风险和威胁。SRT 会在 Tenable 博客中分享最新漏洞的详细信息。相关文章
CVE-2025-20333, CVE-2025-20362: Frequently Asked Questions About Zero-Day Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) Vulnerabilities
Cisco published advisories and a supplemental post about three zero-day vulnerabilities, two of which were exploited in the wild by an advanced threat actor associated with the ArcaneDoor campaign.
IDC Ranks Tenable #1 in WW Device Vulnerability and Exposure Management Market Share
Tenable’s market share leadership in Worldwide Device Vulnerability and Exposure Management is a testament to the trust tens of thousands of customers place in Tenable One every day. Our placement also marks seven consecutive years at #1.
Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234)
Microsoft addresses 80 CVEs, including eight flaws rated critical with one publicly disclosed.
- Vulnerability Management
联系我们的销售团队