Exposures › CVE-2024-20953

CVE-2024-20953

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2025-02-24
Reference
⚡ RCE ⌖ exploited in the wild shame 65/100 rceexploited-in-wild

Oracle Agile Product Lifecycle Management (PLM) contains a deserialization vulnerability that allows a low-privileged attacker with network access via HTTP to compromise the system.

Players implicated

Description

Oracle Agile Product Lifecycle Management (PLM) contains a deserialization vulnerability that allows a low-privileged attacker with network access via HTTP to compromise the system.

Affected FedRAMP products 10 in the catalog

ProductProviderStatusMatch
Aconex for Defense Oracle Authorized vendor-exact · 0.90
Federal Managed Cloud Services Oracle Authorized vendor-exact · 0.90
Fusion Cloud Oracle Authorized vendor-exact · 0.90
Government Cloud - Common Controls Oracle Authorized vendor-exact · 0.90
Oracle Cloud Infrastructure-Government Cloud Oracle Authorized vendor-exact · 0.90
Oracle Enterprise Performance Management (EPM) Oracle Authorized vendor-exact · 0.90
Oracle Enterprise Performance Management (EPM) - Moderate Oracle In Process vendor-exact · 0.90
Oracle Service Cloud Oracle Authorized vendor-exact · 0.90
Oracle Service Cloud (DOD) Oracle Authorized vendor-exact · 0.90
Taleo Cloud - U.S. Government Cloud Oracle Authorized vendor-exact · 0.90