CVE-2024-20953: Since Oracle did not reveal the details. But we can dig out details for existing design to see does it related to this vulnerability? (18th Feb 2024)

Preface: At the most fundamental level, product lifecycle management (PLM) is the strategic process of managing the complete journey of a product from initial ideation, development, service, and disposal.

Background: Agile product lifecycle management (PLM) applies agile principles and methodologies to product management. It is often utilized in software development and its ongoing refinements, improvements, and variations. Critically, Agile methodology breaks down a development project into smaller cycles, called iterations.

Core PLM for discrete industries covers key capabilities like product data management, bill of materials management, engineering change management, and more.

Vulnerability details: Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Official details: Please refer to the link for details –

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.