CVE-2024-20953

Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Published: Feb 17, 2024
Updated: Feb 18, 2024
CVE: CVE-2024-20953
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
oracle / agile_product_lifecycle_management	9.3.6	9.3.6.x

https://www.oracle.com/security-alerts/cpujan2024.html
https://www.zerodayinitiative.com/advisories/ZDI-24-096/

Vulnerability Database

289,689

CVE-2024-20953