InfoSecBulletin Cybersecurity for mankind
CERT-In has flagged a security vulnerability in Oracle’s Agile Product Lifecycle Management (PLM) software, identified as CVE-2024-21287 and cataloged as CIVN-2024-0350. This high-risk threat was detected on November 26, 2024.
CVE-2024-21287 affects Oracle Agile PLM Framework version 9.3.6, which is commonly used by organizations for managing product lifecycles and enhancing collaboration and development processes.
CISA Flags 3 Actively Exploited Vulnerabilities in KEV
Cisco Confirms Active Exploitation Of Decade-Old WebVPN Vulnerability
TP-Link Archer Security Flaw Exposes Devices to Malicious Command Injection
IBM address multiple flaw in security verify access appliance
“Rockstar 2FA” Targets Microsoft 365 Users with AiTM Attacks
Workshop on “DDoS use cases & solutions for government & BFSI” held at BCS
Uganda confirms hack of central bank accounts, Refutes $17 Million Claim
CVE-2024-11667
Hackers actively exploiting Zyxel firewall to deploy Ransomware
Daily Security Update Dated: 29.11.2024
CIRT-in flags Critical Flaw in Oracle Agile PLM Framework
This Security Alert highlights vulnerability CVE-2024-21287 in Oracle Agile Product Lifecycle Management (PLM). The vulnerability can be exploited remotely without authentication, meaning it can be targeted over a network without a username or password. Successful exploitation may lead to file disclosure.
Oracle Agile PLM is essential for managing product design, quality, and compliance within Oracle Supply Chain. A vulnerability exists due to improper authentication, allowing attackers to exploit the system through HTTP connections, potentially exposing sensitive information or compromising the system remotely.
CERT-In warns that the CVE-2024-21287 vulnerability could lead to data theft. Exploiting this flaw may allow attackers to access sensitive information for financial gain, industrial espionage, or operational sabotage.
Oracle’s Response:
Oracle advises customers to update to Agile PLM Framework version 9.3.6 with the latest security patches to fix a critical Information Disclosure Vulnerability and protect against unauthorized access and data leaks.
