Decrypt LOL

Oracle Patches File Disclosure Vulnerability in Agile PLM

Oracle addresses critical file disclosure vulnerability in Agile PLM.

Oracle has patched a serious unauthenticated file disclosure vulnerability, tracked as CVE-2024-21287, in its Agile Product Lifecycle Management (PLM) software, which was actively exploited as a zero-day to download files. The company urged customers to update to the latest version immediately, as the flaw allows remote exploitation without authentication, potentially leading to unauthorized file access. Although initially reported by CrowdStrike without confirmation of active exploitation, Oracle’s Vice President of Security Assurance later confirmed that the vulnerability was indeed being exploited in the wild. The flaw has a CVSS Base Score of 7.5, indicating a significant risk, but details on the specific exploitation methods or threat actors remain unclear.