- Description: Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM Framework accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
- Source: secalert_us@oracle.com
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity: HIGH
Data from CISA
- Vulnerability name: Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability
- Exploit added on: Nov 21, 2024
- Exploit action due: Dec 12, 2024
- Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score: Not currently trending
Comment: The mention of active exploits against CVE-2024-21287 underscores the importance of a rapid patching cadence. It ... #OracleSecurity https://t.co/L5eRz1PAdi
@fin_tech_news_
26 Jan 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
"Crikey! The PLM Framework just got pantsed by a high-severity flaw (CVE-2024-21287)! Uninvited guests pinching your privates without a 'by your leave'. Fancy a patch, anyone? @JoelSnape @LutzWolf #Cybersecurity #Oracle #Vulnerability #PatchASAP" https://t.co/8wSdlrMVlx
@LimitedViewX
10 Jan 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
"Bit of a doozy brewing at #Oracle @infosecJoel, @LutzSec. A 'no password needed' kind of flaw, CVE-2024-21287, in the PLM Framework. A sneaky chance to leak insider secrets! Time to slap on that patch, stat! #CyberSecurity #Vulnerability #PatchManagement #AgilePLM" https://t.co/
@LimitedViewX
10 Jan 2025
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 High Risk Vulnerability in #Oracle Agile PLM Framework (#CVE-2024-21287) https://t.co/hLI62F5KRS
@dailycve
30 Dec 2024
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 #Oracle Agile PLM Framework Vulnerability (#CVE-2024-21287) - High Severity https://t.co/Dy4eExwzta
@dailycve
7 Dec 2024
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-21287 is getting exploited #inthewild. Find out more at https://t.co/zxkLY8Soqk CVE-2023-28461 is getting exploited #inthewild. Find out more at https://t.co/IogAb7TnOf
@inthewildio
3 Dec 2024
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-21287 is getting exploited #inthewild. Find out more at https://t.co/zxkLY8Soqk CVE-2024-44309 is getting exploited #inthewild. Find out more at https://t.co/C8QQNSrrFU CVE-2023-28461 is getting exploited #inthewild. Find out more at https://t.co/IogAb7TnOf
@inthewildio
3 Dec 2024
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-21287 is getting exploited #inthewild. Find out more at https://t.co/zxkLY8Soqk CVE-2024-44309 is getting exploited #inthewild. Find out more at https://t.co/C8QQNSrrFU CVE-2024-44308 is getting exploited #inthewild. Find out more at https://t.co/JGYVH1sML9
@inthewildio
3 Dec 2024
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-21287 has recently been classified as a CISA Known Exploited Vulnerability related to Oracle Agile Product Lifecycle Management. Know more about it and act now to safeguard your organization: https://t.co/tt2ZnPUF70 #KEV #CyberSecurity #CVE #VulnerabilityManagement htt
@attaxion
29 Nov 2024
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 #Oracle Agile PLM Framework Information Disclosure Vulnerability (#CVE-2024-21287) - HIGH - Critical https://t.co/hplon9LtFB
@dailycve
28 Nov 2024
33 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Oracle Agile PLM vulnerability CVE-2024-21287 fixed: exploitation has also been confirmed https://t.co/Ye9F5fJWiP #AgilePLM #CISA #CrowdStrike #CyberAttack #Exploit #Government #KEV #Oracle #ProductLifecycleManagement #Vulnerability
@iototsecnews
28 Nov 2024
68 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Security Alert: A critical incorrect authorization vulnerability (CVE-2024-21287) in Oracle Agile PLM allows unauthenticated attackers to disclose sensitive files. Organizations using version 9.3.6 must apply security patches immediately to mitigate risks! #Cybersecurity… ht
@OstorlabSec
22 Nov 2024
41 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-21287 alert 🚨 Oracle Agile PLM Framework: unauthorized access to critical data (CVSS: 7.5/10) The vulnerability is actively exploited in the wild and has been integrated into Patrowl. Our customers' assets are protected. 🦉 #CyberSecurity #InfoSec #Oracle https://t.co/
@Patrowl_io
22 Nov 2024
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-21287 #Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability https://t.co/qUcrwaJzje
@ScyScan
21 Nov 2024
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Adds Three Known Exploited Vulnerabilities to Catalog: CVE-2024-44308 - Apple Code Execution CVE-2024-44309 - Apple XSS CVE-2024-21287 - Oracle Agile PLM Incorrect Authorization https://t.co/oCDbymKEfT https://t.co/Y6IYhEG5eM
@TMJIntel
21 Nov 2024
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added #Oracle #AgilePLM & #Apple vulnerabilities, CVE-2024-21287, CVE-2024-44308, & CVE-2024-44309, to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec
@CISACyber
21 Nov 2024
4704 Impressions
11 Retweets
24 Likes
2 Bookmarks
0 Replies
2 Quotes
Oracle Agile PLM Vulnerability CVE-2024-21287 Exploited in wild #OracleAgilePLM #CVE-2024-21287 #Zeroday https://t.co/O7Tihx8N2G
@pravin_karthik
21 Nov 2024
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Check this out if you are running Oracle Agile PLM or Product Lifecycle Management regarding the zero day vulnerability. Oracle Security Alert Advisory - CVE-2024-21287 https://t.co/6SMYYQLjK6 #Oracle #OraclePLM
@s_adachi
20 Nov 2024
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability, tracked as CVE-2024-21287, has been discovered in Oracle Agile Product Lifecycle Management (PLM). This vulnerability allows unauthenticated attackers to remotely access and download sensitive files from vulnerable systems. 🚨 CVE-2024-21287 (7.5) -… ht
@cytexsmb
20 Nov 2024
374 Impressions
2 Retweets
5 Likes
3 Bookmarks
0 Replies
2 Quotes
Oracle has fixed an unauthenticated file disclosure flaw in Oracle Agile Product Lifecycle Management (PLM) tracked as CVE-2024-21287, which was actively exploited as a zero-day to download files. #cybersecurity https://t.co/QbDFGXButj
@cybertzar
20 Nov 2024
43 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
⚠️❗️⚠️ CVE-2024-21287 in the Oracle Agile Product Lifecycle Management (PLM) Framework version 9.3.6 This vulnerability is remotely exploitable without authentication. If successfully exploited, this vulnerability may result in file disclosure. https://t.co/mU2RIJvcLp
@Sujeet
20 Nov 2024
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE Alert: Oracle Incorrect Authorization Zero-day Vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2024-21287 (CVSS 7.5/10) Oracle Agile PLM Framework Incorrect Authorization Vulnerability Impact A Successful exploit may allow an unauthenticated attacker… h
@CyberxtronTech
20 Nov 2024
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛑 Urgent Alert: A high-severity #vulnerability in Oracle's Agile PLM Framework is actively being exploited. No username or password required, CVE-2024-21287 could leak sensitive data without any authentication. Read the full advisory — https://t.co/5znECFBpxs #infosec
@TheHackersNews
20 Nov 2024
13670 Impressions
59 Retweets
94 Likes
11 Bookmarks
1 Reply
1 Quote
Oracle has addressed a critical unauthenticated file disclosure flaw in Agile PLM, tracked as CVE-2024-21287. This vulnerability, actively exploited in attacks, allowed unauthorized file downloads. Stay informed and protect your systems. Read more here: https://t.co/6IGOCKAb0n
@trubetech
19 Nov 2024
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Oracle patches exploited Agile PLM vulnerability (CVE-2024-21287) - Help Net Security https://t.co/zkTxvi85xF
@TheCyberSecHub
19 Nov 2024
797 Impressions
4 Retweets
7 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼ #Oracle: active exploitation in the wild detected for CVE-2024-21287 affecting the #AgileProductLifecycleManagement - #PLM product Risk: 🔴 Type: 🔸 Information Disclosure 🔗 https://t.co/ES10XJOc9n ⚠ Important to update the sys… https://t.co/VvmpzYssbs
@Vulcanux_
19 Nov 2024
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-21287 Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). The supported version that … https://t.co/0wA8bcxegQ
@CVEnew
18 Nov 2024
332 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Oracle Security Alert for CVE-2024-21287: https://t.co/LvZzICBfl3
@KAalderks
18 Nov 2024
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4305ED0E-30CC-4AEA-8988-3D1EC93A0BB2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]