Oracle patches software security flaw which could have let hackers steal business files
Date:
Wed, 20 Nov 2024 13:30:00 +0000
Description:
The flaw was being exploited in the wild, Oracle confirms, but we don't know by whom.
FULL STORY ======================================================================
Oracle reports patching a security flaw in Agile PLM
The bug was being exploited in the wild to steal files
More than 1,000 companies could be vulnerable
Oracle has fixed a vulnerability in its Oracle Agile Product Lifecycle Management (PLM) product which could have allowed threat actors to download files from the platform.
Since the bug was exploited in the wild as a zero-day, the company urged users to apply the patch immediately and thus secure their endpoints.
Oracle Agile Product Lifecycle Management (PLM) is the company's software tool to help businesses manage the entire lifecycle of a product, from ideation and design to production and retirement.
Confirmed exploitation
More than 1,100 companies reportedly use Oracle Agile Product Lifecycle Management (PLM), predominantly large enterprises with more than 10,000 employees and revenues exceeding $1 billion. The total number of individual users across these organizations is not publicly disclosed and can vary significantly based on each company's size and specific deployment of the software.
The patch fixes a bug tracked as CVE-2024-21287, with a designated severity score of 7.5 (high). "It is remotely exploitable without authentication," Oracle explained in an advisory, adding, "it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may result in file disclosure."
"Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible."
In the advisory, the company did not state the bug was being exploited in the wild, but a later blog post by the company's VP of Security Assurance, Eric Maurice, confirmed it, BleepingComputer found.
"This vulnerability affects Oracle Agile Product Lifecycle Management (PLM). It was reported as being actively exploited "in the wild" by CrowdStrike," Maurice said.
At press time, other details were not available, so we don't know who the threat actors are, or who they are targeting in their campaign. In any case, it's better to be safe than sorry, so make sure to apply the patch ASAP.
======================================================================
Link to news story:
https://www.techradar.com/pro/security/oracle-patches-software-security-flaw-which-could-have-let-hackers-steal-business-files
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)