PT-2024-8694 · Oracle · Oracle Agile PLM Framework

Joel Snape +1 · Published 2024-11-18 · Updated 2026-05-03 · CVE-2024-21287

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Oracle Agile PLM Framework version 9.3.6

Description

An unauthenticated file disclosure flaw in the Oracle Agile PLM Framework allows an attacker to access files without authentication. This vulnerability can result in unauthorized access to critical data or complete access to all data accessible to Oracle Agile PLM Framework. The vulnerability is easily exploitable and has been actively exploited in attacks.

Recommendations

For Oracle Agile PLM Framework version 9.3.6, urgently upgrade the affected component to mitigate the risk of unauthorized access to critical data. Apply security patches immediately to prevent exploitation of this vulnerability. As a temporary workaround, consider restricting access to sensitive files and data until a patch is applied.

Fix

Incorrect Authorization

RCE

Weakness Enumeration

Related Identifiers

BDU:2024-10296
CVE-2024-21287

Affected Products

Oracle Agile PLM Framework