CVE-2024-21287
Vexday Risk Score
51 (Attention)
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.5 | EPSS 1.5% | KEV yes | PoC — | Nuclei — | Metasploit — | Patch referenced
Lifecycle
18 Nov 2024: Published on NVD
21 Nov 2024: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
A flaw in Oracle Agile PLM Framework version 9.3.6 allows anyone on the network to access sensitive data without logging in. An attacker can view confidential information that should be protected.
Technical detail
A vulnerability in the Process Extension component of Oracle Agile PLM Framework 9.3.6 lets an unauthenticated attacker with network access disclose data over HTTP. The attack needs no user interaction and has low attack complexity (AC:L). Confidentiality impact is high; integrity and availability are not affected.
Summary generated and translated by AI from the official description.
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM Framework accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
Oracle Corporation · Oracle Agile PLM Framework