CVE-2024-21287 - Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability

Vulnerability Name

Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability

Description

Oracle Agile Product Lifecycle Management (PLM) contains an incorrect authorization vulnerability in the Process Extension component of the Software Development Kit. Successful exploitation of this vulnerability may result in unauthenticated file disclosure.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://www.oracle.com/security-alerts/alert-cve-2024-21287.html

https://nvd.nist.gov/vuln/detail/CVE-2024-21287

Related News Articles

Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISAFebruary 25, 2025

Oracle Releases January 2025 Patch to Address 318 Flaws Across Major ProductsJanuary 22, 2025