CVE-2020-2920

Name of the Vulnerable Software and Affected Versions Oracle Agile PLM versions 9.3.3 through 9.3.6

Description The issue is related to inadequate access control in the Security component of Oracle Agile PLM, allowing a remote attacker to gain unauthorized access to protected information via the HTTP protocol. Successful attacks require human interaction and can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data.

Recommendations For versions 9.3.3 through 9.3.6, update to a version that includes the necessary security patches to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.