What is the severity of CVE-2024-20953?

CVE-2024-20953 is classified as an easily exploitable vulnerability with a high impact on Oracle Agile PLM.

How do I fix CVE-2024-20953?

To fix CVE-2024-20953, you should update your Oracle Agile PLM to the latest version that addresses this vulnerability.

Who is affected by CVE-2024-20953?

Only users running Oracle Agile PLM version 9.3.6 are affected by CVE-2024-20953.

What type of attacks can CVE-2024-20953 enable?

CVE-2024-20953 allows low privileged attackers with network access via HTTP to compromise the Oracle Agile PLM system.

Is CVE-2024-20953 under active exploitation?

While CVE-2024-20953 is easily exploitable, specific active exploitation details would typically be disclosed through security advisories.

Vulnerability/
CVE-2024-20953

Exploited

high

8.8

CWE

502

EPSS

0.093%

17/2/2024

14/2/2025

25/2/2025

CVE-2024-20953: Oracle Product Lifecycle Management ExportServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability

First published: Sat Feb 17 2024(Updated: )

Oracle Agile Product Lifecycle Management (PLM) contains a deserialization vulnerability that allows a low-privileged attacker with network access via HTTP to compromise the system.

Credit: secalert_us@oracle.com

Affected Software	Affected Version	How to fix
Oracle Product Lifecycle Management
Oracle Agile Product Lifecycle Management
Oracle Agile PLM	=9.3.6
	=9.3.6

Remedy

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Never miss a vulnerability like this again

Reference Links

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2017-3066

Frequently Asked Questions

What is the severity of CVE-2024-20953?
CVE-2024-20953 is classified as an easily exploitable vulnerability with a high impact on Oracle Agile PLM.
How do I fix CVE-2024-20953?
To fix CVE-2024-20953, you should update your Oracle Agile PLM to the latest version that addresses this vulnerability.
Who is affected by CVE-2024-20953?
Only users running Oracle Agile PLM version 9.3.6 are affected by CVE-2024-20953.
What type of attacks can CVE-2024-20953 enable?
CVE-2024-20953 allows low privileged attackers with network access via HTTP to compromise the Oracle Agile PLM system.
Is CVE-2024-20953 under active exploitation?
While CVE-2024-20953 is easily exploitable, specific active exploitation details would typically be disclosed through security advisories.

agent/first-publish-date
agent/type
agent/author
collector/epss-latest
source/FIRST
agent/epss
collector/zdi-advisory
source/ZDI
alias/ZDI-24-096
alias/ZDI-CAN-21848
alias/CVE-2024-20953
agent/software-canonical-lookup
agent/title
agent/severity
agent/weakness
agent/remedy
agent/last-modified-date
agent/description
collector/cisa-known-exploited
source/CISA
exploited/true
collector/nvd-api
source/NVD
collector/the-register
source/The Register
alias/CVE-2017-3066
agent/references
agent/source
agent/trending
agent/tags
collector/mitre-cve
source/MITRE
agent/softwarecombine
agent/event
collector/nvd-cve
agent/news-ai
vendor/oracle
canonical/oracle product lifecycle management
canonical/oracle agile product lifecycle management
canonical/oracle agile plm
version/oracle agile plm/9.3.6

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.