Actively exploited vulnerability

CVE-2024-21287: Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability

Oracle Agile Product Lifecycle Management (PLM) contains an incorrect authorization vulnerability in the Process Extension component of the Software Development Kit. Successful exploitation of this vulnerability may result in unauthenticated file disclosure.

CISA KEV source 21 Nov 2024 added 12 Dec 2024 remediation due

Affected product

Oracle · Agile Product Lifecycle Management (PLM)

Known ransomware use: Unknown

Required action

Follow the source advisory and validate exposure in your environment.

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Related Yasna coverage

Recent reporting that mentions CVE-2024-21287.