Oracle warns of Agile PLM file disclosure flaw exploited in attacks
Oracle has fixed an unauthenticated file disclosure flaw in Oracle Agile Product Lifecycle Management (PLM) tracked as CVE-2024-21287 (CVSS score: 7.5), which was actively exploited as a zero-day to download files.
Oracle Agile PLM is a software platform that enables businesses to manage product data, processes, and collaboration across global teams.
Yesterday, Oracle urged Agile PLM customers to install the latest version to fix the CVE-2024-21287 flaw.
"This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may result in file disclosure," warned Oracle.
See more:
BleepingComputer: https://www.bleepingcomputer.com/news/security/oracle-warns-of-agile-plm-file-disclosure-flaw-exploited-in-attacks/
The Hacker News: https://thehackernews.com/2024/11/oracle-warns-of-agile-plm-vulnerability.html
SecurityWeek: https://www.securityweek.com/oracle-patches-exploited-agile-plm-zero-day/
#cybersecurity #oracle #zeroday