CVE-2024-21092

8.1 HIGH

📋 TL;DR

This vulnerability in Oracle Agile Product Lifecycle Management for Process allows authenticated attackers with low privileges to perform unauthorized data manipulation and access. Attackers can create, delete, or modify critical data, and access sensitive information through HTTP requests. Only version 6.2.4.2 of the Product Quality Management component is affected.

💻 Affected Systems

Products:
  • Oracle Agile Product Lifecycle Management for Process
Versions: 6.2.4.2
Operating Systems: Not specified - likely all supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the Product Quality Management component. Requires network access via HTTP and low privileged credentials.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of all Oracle Agile PLM for Process data, including unauthorized access to critical business information and unauthorized modification or deletion of production data.

🟠 Likely Case

Unauthorized access to sensitive product quality data and unauthorized modifications to quality management records, potentially affecting manufacturing processes.

🟢 If Mitigated

Limited impact with proper network segmentation, strong authentication controls, and monitoring of privileged user activities.

🌐 Internet-Facing: HIGH - The vulnerability is network accessible via HTTP and requires only low privileged credentials, making internet-facing instances particularly vulnerable.
🏢 Internal Only: MEDIUM - Internal instances are still vulnerable to insider threats or compromised internal accounts, but network segmentation can reduce exposure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Oracle describes it as 'easily exploitable' with low attack complexity. Requires authenticated access but only low privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Oracle Critical Patch Update for April 2024

Vendor Advisory: https://www.oracle.com/security-alerts/cpuapr2024.html

Restart Required: Yes

Instructions:

1. Review the Oracle Critical Patch Update Advisory for April 2024.
2. Download and apply the appropriate patch for Oracle Agile PLM for Process 6.2.4.2.
3. Restart the application services.
4. Verify the patch installation.

🔧 Temporary Workarounds

Network Access Restriction (applies to: all)

Restrict network access to Oracle Agile PLM for Process to only trusted IP addresses and networks.

Privilege Reduction (applies to: all)

Review and minimize low-privilege user accounts and implement least privilege access controls.

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit access to the application
  • Enhance monitoring and logging of all data access and modification activities in the Product Quality Management module

🔍 How to Verify

Check if Vulnerable:

Check whether Oracle Agile PLM for Process version 6.2.4.2 is running with the Product Quality Management component enabled.

Check Version:

Check Oracle Agile PLM administration console or application logs for version information.

Verify Fix Applied:

Verify the patch installation through Oracle patch management tools and confirm that the version has been updated beyond the vulnerable state.

📡 Detection & Monitoring

Log Indicators:

  • Unusual data access patterns in Product Quality Management module
  • Multiple failed authentication attempts followed by successful low-privilege access
  • Unexpected data creation, modification, or deletion events

Network Indicators:

  • HTTP requests to Product Quality Management endpoints from unusual sources
  • Burst of HTTP requests to data manipulation endpoints

SIEM Query:

source="oracle_agile_plm" AND (event_type="data_modification" OR event_type="data_access") AND user_privilege="low" AND result="success"
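As an added detection example (not from this page or from Oracle), the SIEM query above and the "burst of HTTP requests to data manipulation endpoints" network indicator implemented over constructed log lines. The key=value layout, the `ts`, `user` and `endpoint` fields and the 60-second/3-event burst threshold are assumptions; only the field names `source`, `event_type`, `user_privilege` and `result` come from the query.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample lines in an assumed key=value layout (not Oracle's real log format);
# field names mirror the SIEM query above. jdoe's three writes in three seconds form the burst.
SAMPLE_LOG = """\
ts=2024-04-17T10:00:01 source=oracle_agile_plm user=jdoe user_privilege=low event_type=data_access endpoint=/pqm/records result=success
ts=2024-04-17T10:00:02 source=oracle_agile_plm user=jdoe user_privilege=low event_type=data_modification endpoint=/pqm/records result=success
ts=2024-04-17T10:00:03 source=oracle_agile_plm user=jdoe user_privilege=low event_type=data_modification endpoint=/pqm/records result=success
ts=2024-04-17T10:00:04 source=oracle_agile_plm user=jdoe user_privilege=low event_type=data_modification endpoint=/pqm/records result=success
ts=2024-04-17T10:05:00 source=oracle_agile_plm user=admin user_privilege=high event_type=data_modification endpoint=/pqm/records result=success
ts=2024-04-17T10:06:00 source=oracle_agile_plm user=asmith user_privilege=low event_type=data_modification endpoint=/pqm/records result=failure
ts=2024-04-17T10:07:00 source=other_app user=asmith user_privilege=low event_type=data_access endpoint=/x result=success
"""
FIELD_RE = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Turn one key=value line into a dict; None for lines carrying no fields."""
    return dict(FIELD_RE.findall(line)) or None

def matches_query(ev):
    """Python equivalent of the SIEM query: successful access or modification by a low-privilege user."""
    return (ev.get("source") == "oracle_agile_plm"
            and ev.get("event_type") in ("data_modification", "data_access")
            and ev.get("user_privilege") == "low"
            and ev.get("result") == "success")

def find_bursts(events, window=timedelta(seconds=60), threshold=3):
    """Map user -> largest number of data_modification events inside one sliding `window`,
    for users reaching `threshold` (the 'burst of requests to data manipulation endpoints' indicator)."""
    per_user = defaultdict(list)
    for ev in events:
        if ev.get("event_type") == "data_modification":
            per_user[ev["user"]].append(datetime.fromisoformat(ev["ts"]))
    flagged = {}
    for user, times in per_user.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window's left edge forward
                start += 1
            if end - start + 1 >= threshold:
                flagged[user] = max(flagged.get(user, 0), end - start + 1)
    return flagged

def analyse(log_text):
    """Return (events matching the SIEM query, burst users among them)."""
    hits = [e for e in map(parse_line, log_text.splitlines()) if e and matches_query(e)]
    return hits, find_bursts(hits)
```

On the sample above, `analyse(SAMPLE_LOG)` returns the four jdoe events as query hits and flags jdoe as a burst user; the high-privilege, failed and foreign-source lines are excluded.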
