PT-2023-9052 · Oracle · Oracle Agile Product Lifecycle Management For Process
Dinh Viet Hai
+3
·
Published
2023-12-07
·
Updated
2024-07-03
·
CVE-2024-21091
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:L/Au:S/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Oracle Agile Product Lifecycle Management for Process version 6.2.4.2
Description
The issue is related to insufficient input validation in the Data Import component of the Oracle Agile Product Lifecycle Management for Process application. This can be exploited by a remote attacker to gain unauthorized access to protected information. Successful attacks can result in unauthorized access to critical data or complete access to all accessible data.
Recommendations
For version 6.2.4.2, update to a newer version that includes a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the Data Import component to minimize the risk of unauthorized access.
Fix
Information Disclosure
Improper Access Control
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Oracle Agile Product Lifecycle Management For Process