Oracle has released a patch for a critical security vulnerability in its Agile Product Lifecycle Management (PLM) software, CVE-2024-21287. The flaw could allow attackers to steal files from the platform without a username or password. Over 1,000 companies worldwide use Oracle Agile PLM to manage the entire lifecycle of their products.
The vulnerability has a severity score of 7.5 and was being actively exploited in the wild. Oracle urged its users to apply the patch immediately to mitigate potential risks. The company’s Vice President of Security Assurance, Eric Maurice, confirmed the active exploitation in a blog post.
CrowdStrike, a cybersecurity company, initially reported the exploit to Oracle.
Agile PLM security fix issued
However, details about the attackers and their targets have not been disclosed.
The vulnerability can be exploited remotely over a network without authentication. If successfully exploited, it could lead to the disclosure of sensitive files. The flaw is considered a significant concern because of the widespread use of Oracle Agile PLM, primarily by large enterprises with over 10,000 employees and revenues exceeding $1 billion.
Users are advised to promptly apply the security updates provided by Oracle to secure their systems. Oracle’s quick response in patching the vulnerability highlights the importance of timely updates to protect against emerging cyber threats. For further information, users can refer to Oracle’s advisory and Eric Maurice’s blog post, which provide additional details and guidance on applying the necessary patches.
The discovery and patching of this actively exploited vulnerability serves as a reminder of the critical importance of robust cybersecurity practices and prompt patch management to safeguard against potential breaches and data leaks.
April Isaacs is a news contributor for DevX.com She is long-term, self-proclaimed nerd. She loves all things tech and computers and still has her first Dreamcast system. It is lovingly named Joni, after Joni Mitchell.
