← Voltar para CVEs
CVE-2024-20953
HIGHCISA KEV8.8
Descricao
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Detalhes CVE
Pontuacao CVSS v3.18.8
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado2/17/2024
Ultima modificacao10/27/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorOracle
ProdutoAgile Product Lifecycle Management (PLM)
Nome da vulnerabilidadeOracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability
Data inclusao KEV2025-02-24
Prazo de remediacao2025-03-17
Uso em ransomwareUnknown
Produtos afetados
oracle:agile_product_lifecycle_management
Fraquezas (CWE)
CWE-502
Referencias
https://www.oracle.com/security-alerts/cpujan2024.html(secalert_us@oracle.com)
https://www.oracle.com/security-alerts/cpujan2024.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-20953(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.zerodayinitiative.com/advisories/ZDI-24-096/(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.