CVE-2024-20953 - Oracle Agile Product Lifecycle Management (PLM)
AI Vulnerability ContextVulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability...
Overview
A source-backed snapshot of this vulnerability.
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Vulnerability status
How serious this vulnerability is and whether it is known to be exploited.
- CVE ID
- CVE-2024-20953
- Vendor/project
- Oracle
- Product
- Agile Product Lifecycle Management (PLM)
- Vulnerability name
- Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability
- Date added
- 2025-02-24
- Due date
- 2025-03-17
- Known ransomware campaign use
- Unknown
- CVSS v3
- 8.8
Exploit context
What the vulnerability is about.
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Source evidence
Original public records and references for this page.
Original source
Original source links
Open the public records and source datasets used for this page.
