Back to KEVs

CVE-2024-21287

Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). The...

Basic Information

CVE State
PUBLISHED
Reserved Date
December 07, 2023
Published Date
November 18, 2024
Last Updated
November 23, 2024
Vendor
Oracle Corporation
Product
Oracle Agile PLM Framework
Description
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM Framework accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

CVSS Scores

CVSS v3.1

7.5 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (added 2024-11-21 00:00:00 UTC) Source

References

https://www.oracle.com/security-alerts/alert-cve-2024-21287.html

Known Exploited Vulnerability Information

Source Added Date
CISA 2024-11-21 00:00:00 UTC