PT-2024-1347 · Oracle · Oracle Agile PLM

Published: 2024-01-16 · Updated: 2026-06-02 · CVE-2024-20953

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Oracle Agile PLM version 9.3.6

Description

The issue is related to the deserialization of untrusted data in the Export component of Oracle Agile PLM, which a remote attacker can exploit to execute arbitrary code. The vulnerability is easily exploitable and can result in the takeover of Oracle Agile PLM. It has been reported to be exploited in the wild.

Recommendations

For Oracle Agile PLM version 9.3.6, consider disabling the Export component until a patch is available, and restrict access to it to minimize the risk of exploitation; avoid using the Export component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

BDU:2024-00801
CVE-2024-20953
ZDI-24-096

Affected Products

Oracle Agile PLM