Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Installation). Supported versions that are affected are Prior to 6.2.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile Product Lifecycle Management for Process accessible data as well as unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Agile Product Lifecycle Management for Process. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.oracle.com/security-alerts/cpujan2024.html |
History
Thu, 05 Dec 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 27 Nov 2024 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Oracle
Oracle agile Product Lifecycle Management For Process |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:*:*:*:*:*:*:*:* | |
Vendors & Products |
Oracle
Oracle agile Product Lifecycle Management For Process |
MITRE
Status: PUBLISHED
Assigner: oracle
Published: 2024-02-17T01:50:17.379Z
Updated: 2024-12-05T19:52:55.429Z
Reserved: 2023-12-07T22:28:10.627Z
Link: CVE-2024-20956
Vulnrichment
Updated: 2024-08-01T22:06:37.377Z
NVD
Status : Analyzed
Published: 2024-02-17T02:15:49.680
Modified: 2024-11-27T16:37:04.993
Link: CVE-2024-20956
Redhat
No data.