Emergency security patch: Attacks on Oracle Agile PLM
Oracle has released a security update out of sequence due to ongoing attacks on Oracle Agile Product Lifecycle Management.
Oracle's Agile Product Lifecycle Management (PLM) solution is vulnerable in version 9.3.6, and attackers are currently actively exploiting a security vulnerability. The software manufacturer advises admins to update urgently.
The security risk
In a warning message, the developers state that the vulnerability (CVE-2024-21287, "high") in the Agile PLM framework affects the Software Development Kit and Process Extension components. Attacks are said to be possible remotely and without authentication. If an attack is successful, attackers can view files.
How the attacks work in detail and to what extent they are taking place is currently unknown. Oracle is also not currently specifying which parameters admins can use to recognize systems that have already been attacked. In the warning message, Oracle does not name the version that is secured against the attacks. The linked support portal can only be accessed with an Oracle account.
As a rule, the software manufacturer publishes security updates on a quarterly basis. This was last the case in October. However, patches are also released out of sequence in the event of attacks.
(des)