Oddbean new post about login | logout Oracle warns of Agile PLM file disclosure flaw exploited in attacks Oracle has fixed an unauthenticated file disclosure flaw in Oracle Agile Product Lifecycle Management (PLM) tracked as CVE-2024-21287 (CVSS score: 7.5), which was actively exploited as a zero-day to download files. Oracle Agile PLM is a software platform that enables businesses to manage product data, processes, and collaboration across global teams. Yesterday, Oracle urged Agile PLM customers to install the latest version to fix the CVE-2024-21287 flaw. "This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may result in file disclosure," warned Oracle. See more: BleepingComputer: https://www.bleepingcomputer.com/news/security/oracle-warns-of-agile-plm-file-disclosure-flaw-exploited-in-attacks/ The Hacker News: https://thehackernews.com/2024/11/oracle-warns-of-agile-plm-vulnerability.html SecurityWeek: https://www.securityweek.com/oracle-patches-exploited-agile-plm-zero-day/ #cybersecurity #oracle #zeroday