Oracle fixes software security flaw that allowed hackers to steal company files
- Oracle reports that a security flaw in Agile PLM has been fixed
- The bug was exploited in the wild to steal files
- More than 1,000 companies could be vulnerable
Oracle has fixed a vulnerability in its Oracle Agile Product Lifecycle Management (PLM) product that could allow threat actors to download files from the platform.
Since the bug was exploited in the wild as a zero-day, the company urged users to apply the patch immediately to secure their endpoints.
Oracle Agile Product Lifecycle Management (PLM) is the company’s software tool that enables companies to manage the entire lifecycle of a product, from ideation and design to production and retirement.
Confirmed exploitation
More than 1,100 companies are reportedly using Oracle Agile Product Lifecycle Management (PLM), mostly large enterprises with more than 10,000 employees and revenues exceeding $1 billion. The total number of individual users within these organizations is not made public and can vary significantly depending on the size of each company and the specific implementation of the software.
The patch fixes a bug tracked as CVE-2024-21287, with a set severity score of 7.5 (high). It can be operated remotely without authentication, Oracle explained in an advisory, adding: “it can be operated over a network without the need for a username and password. Successfully exploiting this vulnerability could result in file disclosure.”
“Oracle strongly encourages customers to apply the updates to this security alert as soon as possible.”
In the advisory, the company did not mention that the bug was being exploited in the wild, but a later blog post from the company’s VP of Security Assurance, Eric Maurice, confirmed this: BleepingComputer found.
“This vulnerability affects Oracle Agile Product Lifecycle Management (PLM). CrowdStrike was reported to be actively exploiting this vulnerability “in the wild,” Maurice said.
At the time of writing, no other details were available, so we don’t know who the threat actors are, or who they are targeting in their campaign. Either way, it’s better to be safe than sorry, so make sure you apply the patch as soon as possible.