CVE-2024-20956

Name of the Vulnerable Software and Affected Versions Oracle Agile Product Lifecycle Management for Process versions prior to 6.2.4.2

Description The issue is related to insufficient input validation in the Installation component of the Oracle Agile Product Lifecycle Management for Process product. This can allow an attacker to compromise the confidentiality, integrity, and availability of protected information. Successful attacks can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data and the ability to cause a partial denial of service.

Recommendations For versions prior to 6.2.4.2, update to version 6.2.4.2 or later to resolve the issue. As a temporary workaround, consider restricting network access via HTTP to the Installation component until a patch is applied. Additionally, monitor the system for any suspicious activity and apply any available configuration changes or workarounds to minimize the risk of exploitation.