Oracle Agile PLM for Process Vulnerable to Unauthorized Access
CVE-2024-20956

7.3HIGH

Key Information:

Vendor: Oracle
Status: Agile Product Lifecycle Management For Process
Vendor: CVE Published:; 17 February 2024

What is CVE-2024-20956?

The vulnerability in Oracle Agile Product Lifecycle Management for Process exposes supported versions prior to 6.2.4.2 to exploitation by unauthenticated attackers with network access via HTTP. This flaw allows unauthorized updates, inserts, or deletions of accessible data, as well as unauthorized reads of certain data sets. Additionally, the vulnerability may facilitate a partial denial of service, impacting the availability of the product. Organizations utilizing the affected versions should prioritize remediation to safeguard their data integrity and overall system security.

Affected Version(s)

Agile Product Lifecycle Management for Process * < 6.2.4.2

References

https://www.oracle.com/security-alerts/cpujan2024.html

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 17, 2024
Vulnerability Reserved
Dec 7, 2023