PT-2023-9052 · Oracle · Oracle Agile Product Lifecycle Management For Process

Dinh Viet Hai

Publicado

2023-12-07

Atualizado

2024-07-03

CVE-2024-21091

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Oracle Agile Product Lifecycle Management for Process version 6.2.4.2

Description The issue is related to insufficient input validation in the Data Import component of the Oracle Agile Product Lifecycle Management for Process application. This can be exploited by a remote attacker to gain unauthorized access to protected information. Successful attacks can result in unauthorized access to critical data or complete access to all accessible data.

Recommendations For version 6.2.4.2, update to a newer version that includes a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the Data Import component to minimize the risk of unauthorized access.

Correção

Information Disclosure

Improper Access Control

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200CWE-284CWE-20

Identificadores relacionados

BDU:2024-03292

CVE-2024-21091

Produtos afetados

Oracle Agile Product Lifecycle Management For Process

PT-2023-9052 · Oracle · Oracle Agile Product Lifecycle Management For Process

CVE-2024-21091

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8