8.8
CVE-2024-20953
- EPSS 76.97%
- Veröffentlicht 17.02.2024 02:15:49
- Zuletzt bearbeitet 10.03.2025 20:23:29
- Quelle secalert_us@oracle.com
- Teams Watchlist Login
- Unerledigt Login
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Oracle ≫ Agile Product Lifecycle Management Version9.3.6
24.02.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog
Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability
SchwachstelleOracle Agile Product Lifecycle Management (PLM) contains a deserialization vulnerability that allows a low-privileged attacker with network access via HTTP to compromise the system.
BeschreibungApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 76.97% | 0.989 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert_us@oracle.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.