Vulnerability Details CVE-2024-20953
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.705
EPSS Ranking 98.6%
CVSS Severity
CVSS v3 Score 8.8
Proposed Action
Oracle Agile Product Lifecycle Management (PLM) contains a deserialization vulnerability that allows a low-privileged attacker with network access via HTTP to compromise the system.
Ransomware Campaign
Unknown
References
Products affected by CVE-2024-20953
-
cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.6