Oracle patches actively exploited flaw in Agile PLM
Take action: Good news/bad news advisory. Oracle detected an actively exploited flaw, patched it, and will now make the patch available only to customers who pay an exorbitant support fee. If you are running Oracle Agile PLM, you are at risk. You can try isolating the system within trusted networks, but that is only a short-term mitigation. Either pay for the support and patch fast, or plan to discontinue or replace the product.
Oracle has patched an actively exploited security vulnerability in its Agile Product Lifecycle Management (PLM) Framework solution. Eric Maurice, VP of Security Assurance at Oracle, has confirmed that the vulnerability is being actively exploited.
Vulnerability Details:
- CVE-2024-21287 (CVSS score 7.5) - Unauthorized access to critical data or complete access to all Oracle Agile PLM Framework accessible data. The vulnerability allows remote attackers to access and potentially exfiltrate sensitive files from affected systems without requiring any authentication credentials.
Oracle has released security patches and strongly recommends immediate application of the updates. Unfortunately, the patch is only available for products under the Premier Support or Extended Support phases of the Lifetime Support Policy. Organizations running older, unsupported versions are advised to upgrade to supported versions, as the older versions may also be vulnerable but won't receive security patches.