#AgilePLM

Oracle Patches Exploited Agile PLM Zero-Day

by

November 20, 2024 at 05:36AM Oracle announced patches for a critical information disclosure vulnerability (CVE-2024-21287) in Agile Product Lifecycle Management (PLM), which has been actively exploited. The flaw allows remote, unauthenticated attackers to access files under PLM application privileges. Users are urged to apply the updates promptly, as support for Agile PLM will end in … Read more

Oracle warns of Agile PLM file disclosure flaw exploited in attacks

by

November 19, 2024 at 03:00PM Oracle has addressed a critical unauthenticated file disclosure vulnerability (CVE-2024-21287) in its Agile PLM software, which was exploited as a zero-day. Users are urged to update immediately to prevent unauthorized file access. The flaw was reported by CrowdStrike and has a CVSS score of 7.5. **Meeting Takeaways:** 1. **Vulnerability Identified**: … Read more