The April Oracle 2020 Critical Patch Update (CPU) could see a 37% increase in software patches across the Oracle product suite based on a pre-release of the quarterly update due on Tuesday, April 14th.  Oracle is projecting the final April CPU could include as many as 405 patches compared to 297 in the same patch update in 2019.

Oracle CPUs Chart between April '19 to April '20
* Based on Oracle April 2020 CPU Pre-release. Final patches may vary.

Other highlights of the pre-release include:

  • Thirteen (13) Oracle products may include patches for CVEs with a CVSS 3.0 base score of 9.8 on a 10-point scale of severity.
  • One hundred percent (100%) of the Java SE vulnerabilities expected to be patched can be remotely exploited, including flaws in versions as old as Java 7.
  • The April Oracle CPU may contain patches for vulnerabilities in Java SE 14 which was publicly released less than a month ago (17 March 2020).

Oracle will release the final version of the Q2 CPU mid-afternoon Pacific Daylight Time on Tuesday, 14 April. Waratek will follow shortly with an analysis of the final patch update.


About Waratek
Some of the world’s leading companies use Waratek’s ARMR Security Platform to patch, secure and upgrade their mission critical applications. A pioneer in the next generation of application security solutions, Waratek makes it easy for security teams to instantly detect and remediate known vulnerabilities with no downtime, protect their applications from known and Zero Day attacks, and virtually upgrade out-of-support Java applications – all without time consuming and expensive source code changes or unacceptable performance overhead. For more information, visit