CVE-2024-20953
Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability
KEV (listed in CISA's Known Exploited Vulnerabilities catalog)
CVSS 3.1 Base Score: 8.8 (High)
Published:
Last updated:
Source: secalert_us@oracle.com
Status: Analyzed
Weakness (CWE)
CVSS Vector
v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
Description
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. The vulnerability is easily exploitable: a low-privileged attacker with network access via HTTP can compromise Oracle Agile PLM, and a successful attack can result in takeover of Oracle Agile PLM. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Because the CVE is in CISA's Known Exploited Vulnerabilities catalog, exploitation in the wild has been observed; the fix ships in the Oracle Critical Patch Update of January 2024, so Agile PLM 9.3.6 deployments should be patched to that level, and any account that can reach the Export function over HTTP should be treated as having the privileges this attack requires.
References
- https://www.oracle.com/security-alerts/cpujan2024.html (Oracle Critical Patch Update Advisory, January 2024; source: secalert_us@oracle.com)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-20953 (CISA Known Exploited Vulnerabilities catalog entry)
- https://www.zerodayinitiative.com/advisories/ZDI-24-096/ (Zero Day Initiative advisory ZDI-24-096)