Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation


Oracle has disclosed a high-severity vulnerability in its Agile Product Lifecycle Management (PLM) Framework, tracked as CVE-2024-21287 (CVSS score: 7.5), which is being actively exploited. Discovered by CrowdStrike researchers Joel Snape and Lutz Wolf, the flaw allows unauthenticated attackers to remotely exploit the system over a network to access sensitive files under the PLM application's privileges. Oracle advises users to apply the latest patches immediately to mitigate risks, as details about the attackers, targets, and scope of the exploitation remain unknown.

Read More


thumb-image

Solutions