CVE-2024-21287
Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability
CVSS
—
Sin CVSS
EPSS
1.5%
p71
KEV
SÍ
21 nov 2024
Exploit Today
71
0-100
Publicado: — · Última mod.: —
Producto
Oracle / Agile Product Lifecycle Management (PLM)
Vulnerabilidad
Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability
Añadido a KEV
21 nov 2024
Remediar antes de
12 dic 2024
Uso conocido en ransomware
No
Descripción resumida
Oracle Agile Product Lifecycle Management (PLM) contains an incorrect authorization vulnerability in the Process Extension component of the Software Development Kit. Successful exploitation of this vulnerability may result in unauthenticated file disclosure.
Acción requerida
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notas
https://www.oracle.com/security-alerts/alert-cve-2024-21287.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-21287