Oracle針對產品生命週期管理系統Agile用戶提出警告,其零時差漏洞已傳出被用於攻擊
支付動態 · 2024-11-22
週一(11月18日)Oracle修補產品生命週期管理(PLM)系統Agile的高風險漏洞CVE-2024-21287,隔日該公司透露這項漏洞已遭濫用,有人正在積極、廣泛將此弱點用於攻擊行動
本週Oracle修補產品生命週期管理(PLM)系統Agile的高風險漏洞CVE-2024-21287,值得留意的是,這項弱點已傳出被用於攻擊行動。
該公司先是發布資安公告,表示他們針對9.3.6版Agile PLM框架修補CVE-2024-21287,並指出攻擊者無需通過身分驗證,就能遠端利用這項弱點,一旦成功利用,就有可能導致檔案洩露,CVSS風險評為7.5分。
而在提交給美國國家漏洞資料庫(NVD)的說明裡,他們還提到這項漏洞相當容易利用,攻擊者可透過HTTP連線入侵此生命週期管理系統,而且,若是成功利用漏洞,攻擊者將能在未經授權的情況下,完整存取Agile所有能夠存取的資料。
雖然在前述資安公告當中,Oracle並未進一步說明漏洞是否遭到利用,但該公司安全保證副總裁Eric Maurice透過部落格提出警告,資安業者CrowdStrike向他們通報此事時,已出現積極且廣泛利用的現象,呼籲IT人員應儘速取得修補程式並套用。
熱門文章
Are you ready to maximize your earnings? Try ProPush.me Constructor!
Marketing
Online gambling, crypto pose ongoing money laundering risks in Philippines, analyst says
Southeast Asia
Gaming & Technology Expo Makes a Powerful Entrance in CDMX
Marketing
Brazil Proposes Raising Gambling Tax Rate to 24%, With Revenue Allocated to Social Security and Healthcare
Regulation
JILI Partners with Cricket Legend AB de Villiers (ABD) to Launch Exclusive Branded Game Series 100% 11
Sports Game
PropellerAds Shared a New iGaming Case Study: 97,674 Installs and 12,701 Deposits in 3 Months
Marketing
Super PAC Raises $48 Million: Sports Betting Forces Ramp Up Political Push
Regulation
New Jersey July Gambling Revenue Hits $606M, Sweeps Casinos Banned
Regulation
UK MPs reopen 2025 gambling inquiry as reform stalls
Regulation
Kazakhstan plans to penalise online casino promotions
Regulation
GGC Awards 2026 Shines in Colombo: Honoring Leaders and Innovators in the iGaming Industry
HUIDU Focus
Institutional Academy that exceeded expectations marked the opening of GAT CDMX
Online Game
GAT CDMX 2025 Institutional Academy: Leaders and Experts Analyze the Present and Future of the Gaming Industry in Mexico and Lat
Sports Game
B2B Tech Infrastructure Gains Momentum in Philippine Gaming Sector
Southeast Asia
British gambling levy rates confirmed for each vertical
Regulation
