Oracle warns of Agile PLM file disclosure flaw exploited in attacks Oracle has fixed ...

npub1zm7…pnd6

2024-11-21 10:40:56

Oracle warns of Agile PLM file disclosure flaw exploited in attacks

Oracle has fixed an unauthenticated file disclosure flaw in Oracle Agile Product Lifecycle Management (PLM) tracked as CVE-2024-21287 (CVSS score: 7.5), which was actively exploited as a zero-day to download files.

Oracle Agile PLM is a software platform that enables businesses to manage product data, processes, and collaboration across global teams.

Yesterday, Oracle urged Agile PLM customers to install the latest version to fix the CVE-2024-21287 flaw.

"This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may result in file disclosure," warned Oracle.

See more:
BleepingComputer: https://www.bleepingcomputer.com/news/security/oracle-warns-of-agile-plm-file-disclosure-flaw-exploited-in-attacks/

The Hacker News:
https://thehackernews.com/2024/11/oracle-warns-of-agile-plm-vulnerability.html

SecurityWeek:
https://www.securityweek.com/oracle-patches-exploited-agile-plm-zero-day/

#cybersecurity #oracle #zeroday

Author Public Key

npub1zm7jduqq2nmxz5wxh4ujtm00g9vxzqa0r82yt7flvm67yje5gfaqa5pnd6

Seen on

wss://nostr.mom wss://relay.nostr.band

Show more details

Published at

2024-11-21 10:40:56

Kind type

1 Short Text Note

Event JSON

{ "id": "71cba2841e062012bd7082b01f721217379a4f762b638645083e1fe7be72bbb9", "pubkey": "16fd26f00054f66151c6bd7925edef41586103af19d445f93f66f5e24b34427a", "created_at": 1732185656, "kind": 1, "tags": [ [ "t", "cybersecurity" ], [ "t", "oracle" ], [ "t", "zeroday" ], [ "r", "https://www.bleepingcomputer.com/news/security/oracle-warns-of-agile-plm-file-disclosure-flaw-exploited-in-attacks/" ], [ "r", "https://thehackernews.com/2024/11/oracle-warns-of-agile-plm-vulnerability.html" ], [ "r", "https://www.securityweek.com/oracle-patches-exploited-agile-plm-zero-day/" ] ], "content": "Oracle warns of Agile PLM file disclosure flaw exploited in attacks\n\nOracle has fixed an unauthenticated file disclosure flaw in Oracle Agile Product Lifecycle Management (PLM) tracked as CVE-2024-21287 (CVSS score: 7.5), which was actively exploited as a zero-day to download files.\n\nOracle Agile PLM is a software platform that enables businesses to manage product data, processes, and collaboration across global teams.\n\nYesterday, Oracle urged Agile PLM customers to install the latest version to fix the CVE-2024-21287 flaw.\n\n\"This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may result in file disclosure,\" warned Oracle.\n\nSee more:\nBleepingComputer: https://www.bleepingcomputer.com/news/security/oracle-warns-of-agile-plm-file-disclosure-flaw-exploited-in-attacks/\n\nThe Hacker News:\nhttps://thehackernews.com/2024/11/oracle-warns-of-agile-plm-vulnerability.html\n\nSecurityWeek:\nhttps://www.securityweek.com/oracle-patches-exploited-agile-plm-zero-day/\n\n#cybersecurity #oracle #zeroday", "sig": "40ad82ba62733a838e6247f40f9af25bbc41b30a6c1b87a9885406c8df3e4ee5f239b2fbd802ac023ecf554a9be759fd7c64979dbcf60a9c9cc9f0069bb954d3" }