WebClient Vulnerability in Oracle Agile PLM by Oracle
CVE-2023-22039

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Agile Plm Framework
Vendor: CVE Published:; 18 July 2023

Summary

The vulnerability affects the Oracle Agile PLM WebClient, allowing an attacker with low privileges network access via HTTP to exploit the system. Although the attack requires interaction from a separate user, the repercussions can extend beyond Oracle Agile PLM, potentially impacting other associated products. Successful exploitation may lead to unauthorized modifications, such as updates, inserts, or deletions of data, and unauthorized read access to a portion of the accessible data within Oracle Agile PLM.

Affected Version(s)

Agile PLM Framework 9.3.6

References

https://www.oracle.com/security-alerts/cpujul2023.html

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 18, 2023
Vulnerability Reserved
Dec 17, 2022