CVE-2024-21287: Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability
First published: Mon Nov 18 2024(Updated: )
Oracle Agile Product Lifecycle Management (PLM) contains an incorrect authorization vulnerability in the Process Extension component of the Software Development Kit. Successful exploitation of this vulnerability may result in unauthenticated file disclosure.
Credit: secalert_us@oracle.com secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Agile Product Lifecycle Management (PLM) | ||
| Oracle Agile Product Lifecycle Management | =9.3.6 |
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/type
- agent/first-publish-date
- agent/severity
- agent/weakness
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-21287
- agent/remedy
- agent/title
- agent/references
- agent/description
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- agent/author
- agent/tags
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- vendor/oracle
- canonical/oracle agile product lifecycle management (plm)
- canonical/oracle agile product lifecycle management
- version/oracle agile product lifecycle management/9.3.6