By John E. Dunn
Publication Date: 2026-01-22 00:35:00
Just behind ZDLRA in patch volume are Oracle Enterprise Manager with 51 patches, 47 of which are remotely exploitable without authentication, and Oracle E-Business Suite with 38 patches, 33 of which are remotely exploitable.
Despite Oracle’s extensive patching cycle, the company’s approach to security has not always been effective. In 2025, a threat actor claimed to have stolen six million records from a vulnerable Oracle server, a claim the company has repeatedly denied.
Security firm CloudSEK later identified the vulnerability that led to the alleged hack as CVE-2021-35587, an old issue that should have been fixed. Presumably by coincidence, it was announced in August that long-standing chief security officer Mary Ann Davidson had left the company.