AI description
CVE-2024-20953 is a deserialization vulnerability found in Oracle Agile Product Lifecycle Management (PLM), specifically version 9.3.6. This vulnerability exists within the Export component of the affected software. Successful exploitation allows a low-privileged attacker with network access via HTTP to compromise the affected system. This vulnerability was patched by Oracle in January 2024. The Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-20953 to its Known Exploited Vulnerabilities (KEV) catalog in February 2025 due to evidence of active exploitation. Federal agencies are required to patch this vulnerability by March 17, 2025.
- Description
- Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
- Source
- secalert_us@oracle.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability
- Exploit added on
- Feb 24, 2025
- Exploit action due
- Mar 17, 2025
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- nvd@nist.gov
- NVD-CWE-noinfo
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-502
- Hype score
- Not currently trending
Actively exploited CVE: CVE-2017-3066, CVE-2024-20953
@transilienceai
8 Mar 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#BUGBOARD series is back with #news 2!💡 CISA has added Adobe ColdFusion and Oracle Agile PLM vulnerabilities (CVE-2017-3066 & CVE-2024-20953) to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation. Link: https://t.co/bcTqdu69lh #oracle #adobe #secu
@bugbreport
4 Mar 2025
13 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
Recently, a vulnerability with the identifier CVE-2024-20953, of the RCE type, has been published for one of the Oracle products named Product Lifecycle Management, or PLM. This vulnerability allows hackers with low-level access to execute code. https://t.co/Poz3aKY03t https://t.co/JAHc0PRqvq
@AmirHossein_sec
26 Feb 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability Alert: Critical deserialization bugs in Adobe, Oracle software 📅 Timeline: Disclosure: 2017-04-25, Patch: 2024-01-15 📌 Attribution: CISA 🆔cveId: CVE-2017-3066; CVE-2024-20953 📊baseScore: 9.8; 8.8 📏cvssMetrics: cvssSeverity: Critical; High… https://t.co/J
@syedaquib77
25 Feb 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability Alert: Oracle Agile Deserialization Vulnerability 📅 Timeline: Disclosed February 2024, Patched January 2024 (Mitigation required by March 17, 2025) 📌 Attribution: CISA 🆔 CVE-ID: CVE-2024-20953 📊 Base Score: 8.8 📏 CVSS Metrics:… https://t.co/45q7xGe
@syedaquib77
25 Feb 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛑 CISA has warned about two vulnerabilities: CVE-2017-3066 and CVE-2024-20953. Despite patches being available, they're flagged due to continued exploitation risks. 🔗 Read the full article: https://t.co/ooAhN2lHkF
@TheHackersNews
25 Feb 2025
39511 Impressions
33 Retweets
104 Likes
23 Bookmarks
0 Replies
1 Quote
🚨 Oracle Agile Vulnerability Exploited in Wild - CISA Warns Read more: https://t.co/2qZcJLTvIu CVE-2024-20953 resides in the Export component of Oracle Agile PLM version 9.3.6, a platform used globally for managing product development, compliance, and collaboration.… https://
@The_Cyber_News
25 Feb 2025
280 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-20953 #Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability https://t.co/Yv4hStAtym
@ScyScan
24 Feb 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4305ED0E-30CC-4AEA-8988-3D1EC93A0BB2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]