Initiatives for
    
    As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
      
     
                  Reference:
Advisory #2024-270
Version:
1.0
Affected software:
Oracle Agile PLM Framework, version 9.3.6
Type:
Unauthenticated Data Access 
CVE/CVSS:
CVE-2024-21287
CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
https://www.oracle.com/security-alerts/alert-cve-2024-21287.html
Easily exploitable vulnerability in Oracle Agile PLM Framework version 9.3.6 allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM Framework.
A vulnerability in Oracle Agile PLM Framework (component: SDK, Process Extension) affects version 9.3.6. It allows unauthenticated attackers with HTTP access to compromise the system, potentially exposing critical or all accessible data.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
 
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.