Oracle Agile PLM Framework Vulnerability Affects 9.3.6 Version
Key Information
- Vendor: Oracle
- Product: Oracle Agile PLM Framework
- CVE Published: 18 November 2024
Summary
CVE-2024-21287 is a critical vulnerability in the Oracle Agile PLM Framework affecting version 9.3.6. The flaw allows unauthorized access to sensitive data and file disclosure, and carries a high CVSS score of 7.5. The vulnerability has been actively exploited in the wild, potentially allowing threat actors to download files from targeted systems. It was discovered by security researchers from CrowdStrike, and Oracle has urged users to apply the latest patches for protection. Exploitation could lead to unauthorized access to critical data, so swift mitigation is needed. While it is unclear who the perpetrators are and whom they are targeting, the active exploitation and potential for significant impact make addressing this issue urgent.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2024-21287 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Oracle Agile PLM Framework = 9.3.6
News Articles
Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation
Critical flaw CVE-2024-21287 in Oracle Agile PLM allows unauthenticated file leaks; urgent patch advised.
3 days ago
Oracle Patches Exploited Agile PLM Zero-Day
Oracle has patched a high-severity information disclosure zero-day in Agile PLM that has been exploited in the wild.
4 days ago
Oracle warns of Agile PLM file disclosure flaw exploited in attacks
Oracle has fixed an unauthenticated file disclosure flaw in Oracle Agile Product Lifecycle Management (PLM) tracked as CVE-2024-21287, which was actively exploited as a zero-day to download files.
4 days ago
CVSS V3.1 score: 7.5
Timeline
- Exploit exists.
- First article discovered by Help Net Security.
- Vulnerability published.