← Voltar para CVEs
CVE-2024-21287
HIGHCISA KEV7.5
Descricao
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM Framework accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Detalhes CVE
Pontuacao CVSS v3.17.5
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado11/18/2024
Ultima modificacao10/27/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorOracle
ProdutoAgile Product Lifecycle Management (PLM)
Nome da vulnerabilidadeOracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability
Data inclusao KEV2024-11-21
Prazo de remediacao2024-12-12
Uso em ransomwareUnknown
Produtos afetados
oracle:agile_product_lifecycle_management
Fraquezas (CWE)
CWE-863CWE-863
Referencias
https://www.oracle.com/security-alerts/alert-cve-2024-21287.html(secalert_us@oracle.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-21287(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.