CVE-2025-21560

MEDIUM Year: 2025
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-863
View all →

Vulnerability Description

Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: SDK-Software Development Kit). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM Framework accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Related Vulnerabilities

CVE-2009-2213

MEDIUM
CVSS:6.5(Medium)

The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Author...

CWE-8632009

CVE-2011-3617

MEDIUM
CVSS:6.5(Medium)

Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to delete immutable files in some cases.

CWE-8632011

CVE-2014-0169

MEDIUM
CVSS:6.5(Medium)

In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to acce...

CWE-8632014

CVE-2015-1780

MEDIUM
CVSS:6.5(Medium)

oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center

CWE-8632015

CVE-2016-3131

MEDIUM
CVSS:6.5(Medium)

Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.

CWE-8632016

CVE-2016-6353

MEDIUM
CVSS:6.5(Medium)

Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler.

CWE-8632016