CVE-2024-21287

Published Nov 18, 2024

Last updated 2 days ago

Overview

Description
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM Framework accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Source: secalert_us@oracle.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-863

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

6

  1. Check this out if you are running Oracle Agile PLM or Product Lifecycle Management regarding the zero day vulnerability. Oracle Security Alert Advisory - CVE-2024-21287 https://t.co/6SMYYQLjK6 #Oracle #OraclePLM

    @s_adachi

    20 Nov 2024

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. A critical vulnerability, tracked as CVE-2024-21287, has been discovered in Oracle Agile Product Lifecycle Management (PLM). This vulnerability allows unauthenticated attackers to remotely access and download sensitive files from vulnerable systems. 🚨 CVE-2024-21287 (7.5) -… ht

    @cytexsmb

    20 Nov 2024

    331 Impressions

    2 Retweets

    5 Likes

    3 Bookmarks

    0 Replies

    2 Quotes

  3. Oracle has fixed an unauthenticated file disclosure flaw in Oracle Agile Product Lifecycle Management (PLM) tracked as CVE-2024-21287, which was actively exploited as a zero-day to download files. #cybersecurity https://t.co/QbDFGXButj

    @cybertzar

    20 Nov 2024

    43 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. ⚠️❗️⚠️ CVE-2024-21287 in the Oracle Agile Product Lifecycle Management (PLM) Framework version 9.3.6. This vulnerability is remotely exploitable without authentication. If successfully exploited, this vulnerability may result in file disclosure. https://t.co/mU2RIJvcLp

    @Sujeet

    20 Nov 2024

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 CVE Alert: Oracle Incorrect Authorization Zero-day Vulnerability Exploited In The Wild 🚨 Vulnerability Details: CVE-2024-21287 (CVSS 7.5/10) Oracle Agile PLM Framework Incorrect Authorization Vulnerability Impact A successful exploit may allow an unauthenticated attacker… h

    @CyberxtronTech

    20 Nov 2024

    77 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🛑 Urgent Alert: A high-severity #vulnerability in Oracle's Agile PLM Framework is actively being exploited. No username or password required, CVE-2024-21287 could leak sensitive data without any authentication. Read the full advisory — https://t.co/5znECFBpxs #infosec

    @TheHackersNews

    20 Nov 2024

    13670 Impressions

    59 Retweets

    94 Likes

    11 Bookmarks

    1 Reply

    1 Quote

  7. Oracle has addressed a critical unauthenticated file disclosure flaw in Agile PLM, tracked as CVE-2024-21287. This vulnerability, actively exploited in attacks, allowed unauthorized file downloads. Stay informed and protect your systems. Read more here: https://t.co/6IGOCKAb0n

    @trubetech

    19 Nov 2024

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Oracle patches exploited Agile PLM vulnerability (CVE-2024-21287) - Help Net Security https://t.co/zkTxvi85xF

    @TheCyberSecHub

    19 Nov 2024

    797 Impressions

    4 Retweets

    7 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. csirt_it: ‼ #Oracle: active exploitation in the wild detected for CVE-2024-21287 affecting the product #AgileProductLifecycleManagement - #PLM Risk: 🔴 Type: 🔸 Information Disclosure 🔗 https://t.co/ES10XJOc9n ⚠ Important to update the sys… https://t.co/VvmpzYssbs

    @Vulcanux_

    19 Nov 2024

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. CVE-2024-21287 Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). The supported version that … https://t.co/0wA8bcxegQ

    @CVEnew

    18 Nov 2024

    332 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Oracle Security Alert for CVE-2024-21287: https://t.co/LvZzICBfl3

    @KAalderks

    18 Nov 2024

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes