CVE-2024-21287

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-863
View all →

Vulnerability Description

Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM Framework accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Related Vulnerabilities

CVE-2006-6679

HIGH
CVSS:7.5(High)

Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by sp...

CWE-8632006

CVE-2008-4577

HIGH
CVSS:7.5(High)

The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.

CWE-8632008

CVE-2011-2726

HIGH
CVSS:7.5(High)

An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual...

CWE-8632011

CVE-2012-2238

HIGH
CVSS:7.5(High)

trytond 2.4: ModelView.button fails to validate authorization

CWE-8632012

CVE-2012-3822

HIGH
CVSS:7.5(High)

Arial Campaign Enterprise before 11.0.551 has unauthorized access to the User-Edit.asp page, which allows remote attackers to enumerate users' credentials.

CWE-8632012