Oracle has disclosed a high-severity vulnerability in its Agile Product Lifecycle Management (PLM) Framework, tracked as CVE-2024-21287 (CVSS score: 7.5), which is being actively exploited. Discovered by CrowdStrike researchers Joel Snape and Lutz Wolf, the flaw allows unauthenticated attackers to remotely exploit the system over a network to access sensitive files under the PLM application's privileges. Oracle advises users to apply the latest patches immediately to mitigate risks, as details about the attackers, targets, and scope of the exploitation remain unknown.