Skip to main content
All vulnerabilities
CVE-2024-21287

Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability

OracleAgile Product Lifecycle Management (PLM)

Added to KEV catalog
21 November 2024
Federal remediation due date
12 December 2024
Weakness classification (CWE)
CWE-863

CISA Description

Oracle Agile Product Lifecycle Management (PLM) contains an incorrect authorization vulnerability in the Process Extension component of the Software Development Kit. Successful exploitation of this vulnerability may result in unauthenticated file disclosure.

Required action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Notes

https://www.oracle.com/security-alerts/alert-cve-2024-21287.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-21287

Confirm Your Exposure

Is this vulnerability present in your environment?

CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.

Explore VAPT Services