CVE-2024-21287
Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability
CVSS
—
No CVSS
EPSS
1.5%
p71
KEV
YES
Nov 21, 2024
Exploit Today
71
0-100
Published: — · Last modified: —
Product
Oracle / Agile Product Lifecycle Management (PLM)
Vulnerability
Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability
Added to KEV
Nov 21, 2024
Remediate by
Dec 12, 2024
Known ransomware use
No
Summary description
Oracle Agile Product Lifecycle Management (PLM) contains an incorrect authorization vulnerability in the Process Extension component of the Software Development Kit. Successful exploitation of this vulnerability may result in unauthenticated file disclosure.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://www.oracle.com/security-alerts/alert-cve-2024-21287.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-21287