Summary
Active exploitation has been detected of CVE-2024-21287, a vulnerability affecting Agile Product Lifecycle Management (PLM), a solution designed to manage the lifecycle of products from initial conception to decommissioning. This vulnerability, with a CVSS v3.x score of 7.5, could allow the disclosure of files containing sensitive information present on target systems.
Risk
Estimate of the impact of the vulnerability on the reference community: SERIOUS/RED (76.28/100) [1].
Type
- Information Disclosure
Affected products and versions
Oracle Agile PLM Framework, version 9.3.6
Mitigation actions
In line with the vendor’s statements, it is recommended to promptly update the vulnerable products to the latest available version.
Unique Vulnerability Indicators
References
https://www.oracle.com/security-alerts/alert-cve-2024-21287.html
[1] This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.