CVE-2024-20953
Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability
CVSS
—
No CVSS
EPSS
3.4%
p88
KEV
YES
Feb 24, 2025
Exploit Today
76
0-100
Published: — · Last modified: —
Product
Oracle / Agile Product Lifecycle Management (PLM)
Vulnerability
Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability
Added to KEV
Feb 24, 2025
Remediate by
Mar 17, 2025
Known ransomware use
No
Summary description
Oracle Agile Product Lifecycle Management (PLM) contains a deserialization vulnerability that allows a low-privileged attacker with network access via HTTP to compromise the system.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://www.oracle.com/security-alerts/cpujan2024.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-20953