Oracle patches software security flaw which could have let hackers steal business files
The flaw was being exploited in the wild, Oracle confirms
By Sead Fadilpašić (TechRadar), published 20 November 2024
- Oracle reports patching a security flaw in Agile PLM
- The bug was being exploited in the wild to steal files
- More than 1,000 companies could be vulnerable
Oracle has fixed a vulnerability in its Oracle Agile Product Lifecycle Management (PLM) product which could have allowed threat actors to download files from the platform.
Since the bug was exploited in the wild as a zero-day, the company urged users to apply the patch immediately and thus secure their endpoints.
Oracle Agile Product Lifecycle Management (PLM) is the company's software tool to help businesses manage the entire lifecycle of a product, from ideation and design to production and retirement.
Confirmed exploitation
More than 1,100 companies reportedly use Oracle Agile Product Lifecycle Management (PLM), predominantly large enterprises with more than 10,000 employees and revenues exceeding $1 billion. The total number of individual users across these organizations is not publicly disclosed and can vary significantly based on each company's size and specific deployment of the software.
The patch fixes a bug tracked as CVE-2024-21287, with a designated severity score of 7.5 (high). It is remotely exploitable without authentication, Oracle explained in an advisory, adding, "it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may result in file disclosure."
"Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible."
In the advisory, the company did not state the bug was being exploited in the wild, but a later blog post by the company’s VP of Security Assurance, Eric Maurice, confirmed it, BleepingComputer found.