Oracle Agile PLM Framework Vulnerability Affects 9.3.6 Version

CVE-2024-21287

Summary

CVE-2024-21287 is a critical vulnerability in the Oracle Agile PLM Framework affecting version 9.3.6. The flaw allows for unauthorized access to sensitive data and file disclosure, with a high CVSS score of 7.5. The vulnerability has been actively exploited in the wild, potentially allowing threat actors to download files from targeted systems. It was discovered by security researchers from CrowdStrike, and Oracle has urged users to apply the latest patches for protection. The impact of exploitation could lead to unauthorized access to critical data, emphasizing the need for swift mitigation measures. While it's unclear who the perpetrators are and their targets, the urgency of addressing this issue is highlighted by the active exploitation and potential for significant impact.

News Articles

🔗The Cyber Express

CVE-2024-21287

CERT-In Flags On Oracle Agile PLM Flaw (CVE-2024-21287)

The CERT-In (Computer Emergency Response Team – India) flags CVE-2024-21287 affecting Oracle Agile PLM with high risk of unauthorized access.

2 months ago

🔗CybersecurityNews

CVE-2024-21287

Oracle Agile PLM Zero-Day Vulnerability Exploited In The Wild

Oracle has issued an urgent security alert regarding a critical vulnerability in its Agile Product Lifecycle Management (PLM) Framework that is actively being exploited in the wild.

3 months ago

🔗The Hacker News

CVE-2024-21287

Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation

Critical flaw CVE-2024-21287 in Oracle Agile PLM allows unauthenticated file leaks; urgent patch advised.

3 months ago

More News...

References