Oracle has just released Security Alert CVE-2024-21287. This vulnerability affects Oracle Agile Product Lifecycle Management (PLM). It was reported as being actively exploited “in the wild” by CrowdStrike. This vulnerability has received a CVSS Base Score of 7.5. If successfully exploited, an unauthenticated perpetrator could download, from the targeted system, files accessible under the privileges used by the PLM application.
Oracle customers should refer to the Security Alert Advisory for information on how to apply the required security patch.
For more information:
Security Alert CVE-2024-21287 is published at https://www.oracle.com/security-alerts/alert-cve-2024-21287.html
With over 20 years experience in helping customers deal with securing complex IT systems, responding to cyber incidents, and developing comprehensive security strategies to manage technological risks and meet regulatory requirements, Eric Maurice helps define corporate security assurance policies and programs for Oracle’s on-premises and cloud offerings.