Monday , January 6 2025
Oracle

CIRT-in flags Critical Flaw in Oracle Agile PLM Framework

infosecbulletin Thursday , November 28 2024 Alert, Hot Topic, International, Vulnerabilities

CERT-In has flagged a security vulnerability in Oracle’s Agile Product Lifecycle Management (PLM) software, identified as CVE-2024-21287 and cataloged as CIVN-2024-0350. This high-risk threat was detected on November 26, 2024.

CVE-2024-21287 affects Oracle Agile PLM Framework version 9.3.6, which is commonly used by organizations for managing product lifecycles and enhancing collaboration and development processes.

India releases draft Digital Personal Data Protection Rules

By infosecbulletin / Monday , January 6 2025
On Friday, the Indian government released the draft Digital Personal Data Protection Rules, requiring social media and online platforms to...
Read More
India releases draft Digital Personal Data Protection Rules

Microsoft to invest $80 Billion in AI Data Center

By infosecbulletin / Monday , January 6 2025
Microsoft recently shared a vision for the future of American technology and economic competitiveness, highlighting Artificial Intelligence (AI) as central...
Read More
Microsoft to invest $80 Billion in AI Data Center

3.3 Million Email Server Expose User Passwords and Messages in Plain Text

By infosecbulletin / Saturday , January 4 2025
Around 3.3 million servers are running POP3/IMAP email services without encryption (TLS) enabled, the Shadowserver Foundation, a nonprofit security organization,...
Read More
3.3 Million Email Server Expose User Passwords and Messages in Plain Text

Memory-Dump-UEFI
Researcher dumping memory to bypass BitLocker on Windows 11

By infosecbulletin / Thursday , January 2 2025
Researchers have demonstrated a method to bypass Windows 11’s BitLocker encryption, enabling the extraction of Full Volume Encryption Keys (FVEKs)...
Read More
Memory-Dump-UEFI Researcher dumping memory to bypass BitLocker on Windows 11

CVE-2024-49112
PoC Exploit Released for Zero-Click vulnerability in Windows

By infosecbulletin / Thursday , January 2 2025
SafeBreach Labs revealed a zero-click vulnerability in the Windows Lightweight Directory Access Protocol (LDAP) service, dubbed “LDAP Nightmare”. This critical...
Read More
CVE-2024-49112 PoC Exploit Released for Zero-Click vulnerability in Windows

Financial Threat Assessment 2024
BCSI marks Bangladeshi 28 banks high, 10 medium for cyber attack

By infosecbulletin / Tuesday , December 31 2024
Bangladesh Cyber Security Intelligence (BCSI) has published Financial Threat Assessment report for 2024. In an era where financial institutions and...
Read More
Financial Threat Assessment 2024 BCSI marks Bangladeshi 28 banks high, 10 medium for cyber attack

Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster

By infosecbulletin / Tuesday , December 31 2024
Cybersecurity researchers have uncovered three security weaknesses in Microsoft's Azure Data Factory Apache Airflow integration that, if successfully exploited, could...
Read More
Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster

US Treasury says it was hacked by China via third party: Beijing denies

By infosecbulletin / Tuesday , December 31 2024
The US Treasury Department said on Monday that Chinese-linked hackers were able to gain access to ‘unclassified documents’ after compromising...
Read More
US Treasury says it was hacked by China via third party: Beijing denies

PoC Exploited Released for Oracle Weblogic Server Vul

By infosecbulletin / Monday , December 30 2024
Security researchers have warned that a Proof-of-Concept (PoC) exploit has been publicly released for a critical vulnerability affecting Oracle WebLogic...
Read More
PoC Exploited Released for Oracle Weblogic Server Vul

Microsoft warn dev urgently to update .NET installer link

By infosecbulletin / Monday , December 30 2024
Microsoft is forcing .NET developers to quickly update their apps and developer pipelines so they do not use 'azureedge.net' domains...
Read More
Microsoft warn dev urgently to update .NET installer link
Screenshot from CIRT in website

This Security Alert highlights vulnerability CVE-2024-21287 in Oracle Agile Product Lifecycle Management (PLM). The vulnerability can be exploited remotely without authentication, meaning it can be targeted over a network without a username or password. Successful exploitation may lead to file disclosure.

Oracle Agile PLM is essential for managing product design, quality, and compliance within Oracle Supply Chain. A vulnerability exists due to improper authentication, allowing attackers to exploit the system through HTTP connections, potentially exposing sensitive information or compromising the system remotely.

CERT-In warns that the CVE-2024-21287 vulnerability could lead to data theft. Exploiting this flaw may allow attackers to access sensitive information for financial gain, industrial espionage, or operational sabotage.

Oracle’s Response:

Oracle advises customers to update to Agile PLM Framework version 9.3.6 with the latest security patches to fix a critical Information Disclosure Vulnerability and protect against unauthorized access and data leaks.

Check Also

BitLocker Encryption

Memory-Dump-UEFI
Researcher dumping memory to bypass BitLocker on Windows 11

Researchers have demonstrated a method to bypass Windows 11’s BitLocker encryption, enabling the extraction of …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin