Warning: Unauthenticated Data Exposure Vulnerability in Oracle Agile Product Lifecycle Management (PLM), Patch Immediately!
CVE-2024-21287
CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Sources
https://www.oracle.com/security-alerts/alert-cve-2024-21287.html
Risks
An easily exploitable vulnerability in Oracle Agile PLM Framework version 9.3.6 allows an unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM Framework.
Description
A vulnerability in Oracle Agile PLM Framework (component: SDK, Process Extension) affects version 9.3.6. It allows unauthenticated attackers with HTTP access to compromise the system, potentially exposing critical or all accessible data.
Recommended actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.