Oracle Warns of Exploitation in Agile PLM Framework Vulnerability

416/67 Friday, November 22, 2024

Oracle has issued a critical security advisory to users regarding a vulnerability identified in the Agile Product Lifecycle Management (PLM) Framework, designated as CVE-2024-21287, with a CVSS severity score of 7.5. This vulnerability can be exploited remotely without authentication, allowing malicious actors to access sensitive data.

The flaw enables unauthenticated attackers to target systems without requiring a username or password. Oracle explained in its advisory, “Successful exploitation of this vulnerability may allow attackers to download files accessible under the PLM application’s permissions from the targeted system.” Such attacks could result in the unauthorized exposure of critical files without the target system being aware of the breach.

The vulnerability was discovered and reported by security researchers Joel Snape and Lutz Wolf from CrowdStrike. While Oracle has promptly worked on addressing the issue, there is no clear information yet on the specific targets or the scale of these attacks.

Administrators are strongly advised to review their software version and apply patches or updates as soon as possible. Doing so will reduce the risk of exploitation and protect critical system data from malicious actors.

Source: https://thehackernews.com/2024/11/oracle-warns-of-agile-plm-vulnerability.html