Oracle Patches File Disclosure Vulnerability in Agile PLM
Oracle addresses critical file disclosure vulnerability in Agile PLM. Oracle has patched a serious unauthenticated file disclosure vulnerability, tracked as CVE-2024-21287, in its Agile Product Lifecycle Management (PLM) software, which was actively exploited as a zero-day to download files. The company urged customers to update to the latest version immediately, as the flaw allows remote exploitation without authentication, potentially leading to unauthorized file access. Although initially reported by CrowdStrike without confirmation of active exploitation, Oracle’s Vice President of Security Assurance later confirmed that the vulnerability was indeed being exploited in the wild. The flaw has a CVSS Base Score of 7.5, indicating a significant risk, but details on the specific exploitation methods or threat actors remain unclear.