
Warning: Unauthenticated Data Exposure Vulnerability in Oracle Agile Product Lifecycle Management (PLM) patch immediately!

Reference: 
Advisory #2024-270
Version: 
1.0
Affected software: 
Oracle Agile PLM Framework, version 9.3.6
Type: 
Unauthenticated Data Access
CVE/CVSS: 

CVE-2024-21287
CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Sources

https://www.oracle.com/security-alerts/alert-cve-2024-21287.html

Risks

Easily exploitable vulnerability in Oracle Agile PLM Framework version 9.3.6 allows an unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM Framework.

Description

A vulnerability in Oracle Agile PLM Framework (component: SDK, Process Extension) affects version 9.3.6. It allows unauthenticated attackers with HTTP access to compromise the system, potentially exposing critical or all accessible data.

Recommended actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
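As an added illustration of the monitoring recommendation above (this script is not part of the CCB advisory and is not Oracle tooling), the following Python triage script scans web-server access logs in front of an Agile PLM instance and flags successful, data-bearing responses that carry no sign of an authenticated session, which is the pattern an unauthenticated data-access flaw of this kind would leave behind. Everything deployment-specific is an assumption: the combined log format with an extra trailing Cookie field, the session cookie name `JSESSIONID`, the URL prefix `/plm-app/`, the byte threshold and the sample log lines are all constructed placeholders to be replaced with values from the real environment.

```python
"""
Added example, not part of the CCB advisory or of Oracle's products:
access-log triage for unauthenticated, data-bearing responses.

Assumed log format (constructed): Apache/Nginx "combined" with one extra
quoted field at the end holding the request's Cookie header, e.g.
  ip ident user [ts] "METHOD /path HTTP/1.1" status bytes "ref" "ua" "cookie"
"""
import re
from collections import defaultdict

# Constructed placeholders: adapt all three to the real deployment.
SESSION_COOKIE = "JSESSIONID"        # assumed name of the application session cookie
WATCHED_PREFIXES = ("/plm-app/",)    # assumed URL prefix(es) of the PLM application
MIN_BYTES = 10_000                   # responses at least this large count as "data-bearing"

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"[^"]*" "[^"]*" "(?P<cookie>[^"]*)"'
)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    entry["bytes"] = 0 if entry["bytes"] == "-" else int(entry["bytes"])
    return entry


def is_unauthenticated(entry):
    """True when the request carried neither an HTTP auth user nor the session cookie."""
    return entry["user"] == "-" and SESSION_COOKIE not in entry["cookie"]


def find_suspicious(lines):
    """Return entries for 200 responses on watched paths that are large and unauthenticated."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None or not entry["path"].startswith(WATCHED_PREFIXES):
            continue
        if entry["status"] == 200 and entry["bytes"] >= MIN_BYTES and is_unauthenticated(entry):
            hits.append(entry)
    return hits


def summarize_by_source(hits):
    """Count flagged requests per source IP so the noisiest sources surface first."""
    counts = defaultdict(int)
    for entry in hits:
        counts[entry["ip"]] += 1
    return dict(counts)


# Constructed sample log lines (RFC 5737 documentation addresses, invented paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Nov/2024:10:01:02 +0100] "GET /plm-app/items HTTP/1.1" 200 48213 "-" "python-requests/2.31" "-"',
    '198.51.100.5 - - [20/Nov/2024:10:01:05 +0100] "GET /plm-app/items HTTP/1.1" 200 52000 "-" "Mozilla/5.0" "JSESSIONID=abc123; theme=dark"',
    '203.0.113.7 - - [20/Nov/2024:10:01:09 +0100] "GET /plm-app/login HTTP/1.1" 200 1843 "-" "python-requests/2.31" "-"',
    '203.0.113.7 - - [20/Nov/2024:10:01:12 +0100] "POST /plm-app/export HTTP/1.1" 200 120000 "-" "python-requests/2.31" "-"',
    '192.0.2.9 - - [20/Nov/2024:10:02:00 +0100] "GET /static/logo.png HTTP/1.1" 200 30000 "-" "Mozilla/5.0" "-"',
    '198.51.100.5 - - [20/Nov/2024:10:02:30 +0100] "GET /plm-app/items HTTP/1.1" 401 312 "-" "curl/8.0" "-"',
]

if __name__ == "__main__":
    flagged = find_suspicious(SAMPLE_LOG)
    for entry in flagged:
        print(f'{entry["ts"]} {entry["ip"]} {entry["method"]} {entry["path"]} {entry["bytes"]} bytes, no session')
    print("per-source counts:", summarize_by_source(SAMPLE_LOG and flagged))
```

Of the six constructed lines, only the two large `200` responses from `203.0.113.7` with no session cookie are flagged; the request with a session cookie, the small login-page response, the static asset outside the watched prefix and the `401` are all ignored. Because the advisory does not name the affected endpoints, the prefix list and threshold are where the real tuning happens, and a flagged source is a starting point for investigation, not proof of compromise.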

References