CVE-2024-20953
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- December 07, 2023
- Published Date
- February 17, 2024
- Last Updated
- February 24, 2025
- Vendor
- Oracle Corporation
- Product
- Agile PLM Framework
- Description
- Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
CVSS Scores
CVSS v3.1
8.8 - HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SSVC Information
- Exploitation
- active
- Technical Impact
- total
Exploit Status
- Exploited in the Wild
- Yes (added 2025-02-24 00:00:00 UTC) Source
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2025-02-24 00:00:00 UTC |