clayton@site:~/news$ cat cve-2024-20953-oracle-agile-product-lifecycle-management-plm.log

CVE-2024-20953 — Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability

2025-02-24 • CISA Known Exploited Vulnerability

[event] Oracle Agile Product Lifecycle Management (PLM) contains a deserialization vulnerability that allows a low-privileged attacker with network access via HTTP to compromise the system.

> AFFECTED SOFTWARE

Field	Value
Vendor	Oracle
Product	Agile Product Lifecycle Management (PLM)
CWE	CWE-502
CVE ID	CVE-2024-20953
Date Added	2025-02-24
Due Date	2025-03-17
Ransomware Campaign	Unknown

> MITIGATION

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Due Date: 2025-03-17

> REFERENCES

[1] https://www.oracle.com/security-alerts/cpujan2024.html
[2] https://nvd.nist.gov/vuln/detail/CVE-2024-20953