CVE-2024-20953 - Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability

: Oracle | Agile Product Lifecycle Management (PLM)

Date Added:
2025-02-24

Due Date:
2025-03-17

Vulnerability Name: Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability

Description: Oracle Agile Product Lifecycle Management (PLM) contains a deserialization vulnerability that allows a low-privileged attacker with network access via HTTP to compromise the system.

Known To Be Used in Ransomware Campaigns?: Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes: https://www.oracle.com/security-alerts/cpujan2024.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-20953

Free online web security scanner

Don't show website scan report rating on the leaderboard