Oracle April 2020 Critical Patch Update Includes Record-Breaking 397 Security Updates
Oracle’s second Critical Patch Update of 2020 addresses 450 CVEs across a record-breaking 397 security patches, including critical vulnerabilities in Oracle Fusion Middleware products.
Contexto
On April 14, Oracle released its Critical Patch Update (CPU) Advisory for April 2020 as part of its quarterly release of security patches. This update contains fixes for 450 CVEs in 397 security patches across multiple Oracle products. This quarter’s update smashes the previous records of 334 patches, with January 2020 and July 2018 in a tie for the previous record.
Análise
This quarter’s CPU includes more than 30 critically rated CVEs across a wide range of Oracle products. The following is the full list of product families with vulnerabilities addressed in this month’s release along with the number of patches released.
| Oracle Product Family | Number of Patches |
|---|---|
| Oracle E-Business Suite | 74 |
| Oracle Fusion Middleware | 51 |
| Oracle MySQL | 45 |
| Oracle Communications Applications | 39 |
| Oracle Financial Services Applications | 35 |
| Oracle Retail Applications | 27 |
| Oracle Virtualization | 19 |
| Oracle Knowledge | 16 |
| Oracle Java SE | 15 |
| Oracle PeopleSoft | 14 |
| Oracle Construction and Engineering | 12 |
| Oracle Systems | 9 |
| Oracle Database Server | 8 |
| Oracle Enterprise Manager | 7 |
| Oracle GraalVM | 5 |
| Oracle JD Edwards | 4 |
| Oracle Supply Chain | 4 |
| Oracle Hyperion | 3 |
| Oracle Health Sciences Applications | 2 |
| Oracle Support Tools | 2 |
| Oracle Utilities Applications | 2 |
| Oracle Food and Beverage Applications | 1 |
| Oracle Siebel CRM | 1 |
| Oracle Global Lifecycle Management | 1 |
| Oracle Secure Backup | 1 |
Solução
Customers are advised to apply all relevant patches provided by Oracle in this CPU. Please refer to the April 2020 advisory for full details.
Identificação de sistemas afetados
A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released.
Obtenha mais informações
- Oracle Critical Patch Update Advisory - April 2020
- Oracle Advisory to CVE Map
- Oracle April 2020 CPU Risk Matrices
Junte-se à equipe de resposta de segurança da Tenable na Tenable.
Saiba mais sobre a Tenable, a primeira plataforma de Cyber Exposure para o gerenciamento holístico da sua superfície de ataque moderna.
Obtenha uma avaliação gratuita por 30 dias do Vulnerability Management da Tenable.io.
Artigos relacionados
Kinsing Malware Hides Itself as a Manual Page and Targets Cloud Servers
May 16, 2024Tenable Cloud Security Research Team has recently discovered that Kinsing malware, known for targeting Linux-based cloud infrastructures, exploits Apache Tomcat servers with new advanced stealth techniques. Explore our analysis and the indicators of compromise in this report.
Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040)
May 14, 2024Microsoft addresses 59 CVEs in its May 2024 Patch Tuesday release with one critical vulnerability and three zero-day vulnerabilities, two of which were exploited in the wild.
CVE-2024-21793, CVE-2024-26026: Proof of Concept Available for F5 BIG-IP Next Central Manager Vulnerabilities
May 9, 2024Researchers disclose multiple vulnerabilities in F5 BIG-IP Next Central Manager and provide proof-of-concept exploit code, which could lead to exposure of hashed passwords.
Cybersecurity Snapshot: CISA Warns Hospitals about Black Basta, as Tenable Study Finds Cloud-Related Breaches Pervasive
May 17, 2024Find out why healthcare organizations must beware of the Black Basta ransomware group. Meanwhile, a Tenable study found that 95% of surveyed organizations suffered a cloud-related breach, and offers insights for boosting cloud security. Plus, a Cloud Security Alliance report delves into how AI systems can create risky gaps in your cloud environment. And much more!
Kinsing Malware Hides Itself as a Manual Page and Targets Cloud Servers
May 16, 2024Tenable Cloud Security Research Team has recently discovered that Kinsing malware, known for targeting Linux-based cloud infrastructures, exploits Apache Tomcat servers with new advanced stealth techniques. Explore our analysis and the indicators of compromise in this report.
Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040)
May 14, 2024Microsoft addresses 59 CVEs in its May 2024 Patch Tuesday release with one critical vulnerability and three zero-day vulnerabilities, two of which were exploited in the wild.
- Vulnerability Management