CERT-In has flagged a security vulnerability in Oracle’s Agile Product Lifecycle Management (PLM) software, identified as CVE-2024-21287 and cataloged as CIVN-2024-0350. This high-risk threat was detected on November 26, 2024.
CVE-2024-21287 affects Oracle Agile PLM Framework version 9.3.6, which is commonly used by organizations for managing product lifecycles and enhancing collaboration and development processes.
CERT-In has flagged a security vulnerability in Oracle’s Agile Product Lifecycle Management (PLM) software, identified as CVE-2024-21287 and cataloged as...
On November 26th, Microsoft patched four vulnerabilities detected in Dynamics 365 Sales, the Partner.Microsoft.Com portal, Microsoft Copilot Studio and Azure...
SL Data Services/Propertyrec, an information research provider exposes a non-password-protected database containing more than 600K records according to the security...
This Security Alert highlights vulnerability CVE-2024-21287 in Oracle Agile Product Lifecycle Management (PLM). The vulnerability can be exploited remotely without authentication, meaning it can be targeted over a network without a username or password. Successful exploitation may lead to file disclosure.
Oracle Agile PLM is essential for managing product design, quality, and compliance within Oracle Supply Chain. A vulnerability exists due to improper authentication, allowing attackers to exploit the system through HTTP connections, potentially exposing sensitive information or compromising the system remotely.
CERT-In warns that the CVE-2024-21287 vulnerability could lead to data theft. Exploiting this flaw may allow attackers to access sensitive information for financial gain, industrial espionage, or operational sabotage.
Oracle’s Response:
Oracle advises customers to update to Agile PLM Framework version 9.3.6 with the latest security patches to fix a critical Information Disclosure Vulnerability and protect against unauthorized access and data leaks.