Ethical Hacking News
Oracle has warned that a high-severity security flaw in its Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild, allowing attackers to leak sensitive information. The vulnerability, tracked as CVE-2024-21287 with a CVSS score of 7.5, is considered remotely exploitable and can be attacked over a network without requiring authentication credentials.
An unauthenticated attacker can use CVE-2024-21287 to leak sensitive information from a system running Oracle's Agile PLM Framework. The vulnerability is remotely exploitable: attackers can download and access files on the affected system without authentication credentials. It was discovered by CrowdStrike security researchers Joel Snape and Lutz Wolf; the targets of the malicious activity are not publicly known. Organizations using the Agile PLM Framework should apply the latest patches immediately to minimize risk, review security configurations, update software, and implement additional security measures.
Oracle has issued a security warning regarding a high-severity vulnerability in its Agile Product Lifecycle Management (PLM) Framework, which has been actively exploited by malicious actors. The vulnerability, tracked as CVE-2024-21287 with a CVSS score of 7.5, allows an unauthenticated attacker to leak sensitive information from the targeted system.
In a recent advisory, Eric Maurice, vice president of Security Assurance at Oracle, stated that if successfully exploited, the vulnerability may result in file disclosure. This means that an attacker could potentially download and access files on the compromised system without needing authentication credentials. The vulnerability is considered remotely exploitable, meaning it can be attacked over a network without requiring a username or password.
According to Oracle, this vulnerability was discovered by CrowdStrike security researchers Joel Snape and Lutz Wolf, who reported their findings in an advisory. However, at this time, there is no information available on the targets of the malicious activity or the scope of these attacks.
The discovery of this vulnerability highlights the importance of timely patching and regular security updates for software applications. Oracle advises users to apply the latest patches as soon as possible to minimize the risk of exploitation, and the consequences of not taking prompt action can be severe.
In light of the active exploitation of this vulnerability, organizations that use the Agile PLM Framework should take immediate action to secure their systems and protect sensitive information. This includes reviewing their security configurations, updating their software to the latest version, and implementing additional security measures to prevent unauthorized access.
The discovery of this vulnerability also underscores the need for ongoing vigilance in the cybersecurity landscape. As new vulnerabilities are discovered and exploited, it is essential for organizations to stay informed and take proactive steps to mitigate these risks.
In conclusion, Oracle's warning regarding the high-severity PLM vulnerability under active exploitation serves as a stark reminder of the importance of prioritizing security in software applications. By staying vigilant and taking prompt action, organizations can minimize the risk of exploitation and protect their sensitive information from falling into the wrong hands.
Published: Wed Nov 20 00:05:29 2024 by llama3.2 3B Q4_K_M