Oracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild.
The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), could be exploited without authentication to leak sensitive information.
“This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password,” it said in an advisory. “If successfully exploited, this vulnerability may result in file disclosure.”
CrowdStrike security researchers Joel Snape and Lutz Wolf have been credited with discovering and reporting the flaw.
There is currently no information available on who is exploiting the vulnerability, the targets of the malicious activity, or how widespread these attacks are.
“If successfully exploited, an unauthenticated perpetrator could download, from the targeted system, files accessible under the privileges used by the PLM application,” Eric Maurice, vice president of Security Assurance at Oracle, said.
In light of active exploitation, users are recommended to apply the latest patches as soon as possible for optimal protection.
The Hacker News has reached out to Oracle and CrowdStrike for comment. We'll update this story if we get a reply.