Data Exposure Vulnerability in Oracle Agile PLM by Oracle
CVE-2022-21467

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Agile Plm Framework
Vendor: CVE Published:; 19 April 2022

What is CVE-2022-21467?

The vulnerability in Oracle Agile PLM allows an attacker with low privileges and network access to exploit weaknesses in the Attachments component. This can lead to unauthorized access to critical information within the system, risking confidentiality and potentially compromising all accessible data. Organizations using Oracle Agile PLM version 9.3.6 should be particularly vigilant and seek immediate remediation to safeguard their information assets.

Affected Version(s)

Agile PLM Framework 9.3.6

References

https://www.oracle.com/security-alerts/cpuapr2022.html

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 19, 2022
Vulnerability Reserved
Nov 15, 2021