Oracle Patches Exploited Agile PLM Zero-Day


Oracle has disclosed a high-severity zero-day vulnerability (CVE-2024-21287, CVSS 7.5) in Agile Product Lifecycle Management (PLM) version 9.3.6, which has been actively exploited in the wild. Reported by Joel Snape and Lutz Wolf of CrowdStrike, the flaw allows unauthenticated attackers to remotely access files with the privileges of the PLM application via the HTTP protocol. Oracle's VP of security assurance, Eric Maurice, confirmed the exploitation and urged users to apply the provided security updates immediately. Agile PLM, introduced two decades ago, is slated for discontinuation by Oracle, with premier support ending on December 31, 2027.
