
Oracle has released an alert about a critical vulnerability in its Agile Product Lifecycle Management (PLM) software that allows attackers to remotely access sensitive files without any authentication and could leak critical business information.
This vulnerability, tracked as CVE-2024-21287 with a CVSS score of 7.5, affects Oracle Agile PLM Framework version 9.3.6. The flaw is remotely exploitable without authentication. If successfully exploited, it could result in file disclosure, allowing unauthorized perpetrators to download files accessible under the privileges of the PLM application.
Oracle strongly urges all customers using the affected versions to apply the security updates provided in the alert as soon as possible. Delaying patching could leave organizations vulnerable to attacks that could compromise sensitive product data and disrupt business operations.
CrowdStrike reported that this vulnerability is already being actively exploited in the wild. Organizations relying on Oracle Agile PLM should prioritize patching this vulnerability to protect their valuable data and maintain the integrity of their product development processes.