PT-2023-4032 · Oracle · Oracle Agile PLM

Published 2023-07-18 · Updated 2023-07-27 · CVE-2023-22039

CVSS v2.0

5.5 Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Oracle Agile PLM version 9.3.6

Description

The issue is related to errors in processing input data in the WebClient component of Oracle Agile PLM. This can allow a remote attacker to gain read, modify, add, or delete access to data. Successful attacks require human interaction and can significantly impact additional products. The vulnerability can result in unauthorized update, insert, or delete access to some Oracle Agile PLM accessible data, as well as unauthorized read access to a subset of Oracle Agile PLM accessible data.

Recommendations

For Oracle Agile PLM version 9.3.6, update to a newer version that contains a fix for this issue. If no specific fix is provided for this version, consider restricting access to the WebClient component to minimize the risk of exploitation. As a temporary workaround, consider disabling any functionality that relies on user input processing in the WebClient component until a patch is available.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2023-04330
CVE-2023-22039

Affected Products

Oracle Agile PLM