🔴 CVE-2024-20953

This is a critical deserialization vulnerability in Oracle Agile PLM that allows complete system takeover via HTTP network access with low privileges. The vulnerability is actively exploited in the wild and listed in CISA KEV.

Risk Level: HIGH_RISK
CVSS Score: 8.8
Attack Vector: NETWORK
ATT&CK Tactic: Initial Access
ATT&CK Technique: T1190 Exploit Public-Facing Application
Deployment Risk: HIGH
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2024-02-17

Added to CISA KEV: 2025-02-24 (373 days between CVE and KEV)

🎯 Recommendations:

πŸ” Web Intelligence (Kagi Β· 2026-06-04)

CVE-2024-20953 is a high-severity remote code execution (RCE) vulnerability affecting the Oracle Agile Product Lifecycle Management (PLM) product [4] [1].

Exploitation and Impact
  • Attack Method: The vulnerability is classified as a deserialization flaw, where the application improperly deserializes untrusted data, allowing an attacker to execute arbitrary code [3] [1].
  • Requirements: It is considered "easily exploitable" by a low-privileged attacker who has network access to the system via HTTP [2].
  • Impact: Successful exploitation results in a complete compromise (takeover) of the Oracle Agile PLM system, affecting confidentiality, integrity, and availability [2].
Threat Landscape and Exploitation
  • Active Exploitation: The vulnerability has been identified as being exploited in the wild, leading to its inclusion in the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog [1].
  • Targeted Attacks: It has been associated with malicious cyber actors targeting federal enterprises and other organizations [1].
Patch and Mitigation Status
  • Status: Because this is a known exploited vulnerability, organizations are urged to prioritize applying the security updates provided by Oracle [1].
  • Affected Versions: The vulnerability affects the "Export" component of Oracle Agile PLM [2]. Users should consult the relevant Oracle Critical Patch Update (CPU) advisories for specific version numbers and patch availability [5].

Sources

  1. CVE-2024-20953 - Exploits & Severity - Feedly

    Threat Intelligence Report CVE-2024-20953 is a critical deserialization vulnerability in Oracle Agile Product Lifecycle Management (PLM) that allows attackers to execute arbitrary code by improperly deserializing untrusted data. The inclusion of this vulnerability in CISA’s KEV Catalog underscores t…

  2. CVE-2024-20953 Detail - NVD

    Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. ... CVE-2024-20953 Detail. Description. Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). Easily exploitable vulnerability allows low pr…

  3. CVE-2024-20953 | High Vulnerability in Oracle Agile PLM

    A high-severity deserialization vulnerability in Oracle Agile PLM allows low-privileged attackers to compromise the system via HTTP.

  4. CVE-2024-20953: Oracle Agile PLM RCE Vulnerability - SentinelOne

    CVE-2024-20953 is a remote code execution vulnerability in Oracle Agile PLM. Learn about its impact, affected versions, and mitigation methods. ... This vulnerability enables a low-privileged attacker with network access via HTTP to achieve complete compromise of the Oracle Agile PLM system, ...

  5. Oracle Critical Patch Update Advisory - January 2024

    Oracle Critical Patch Update Advisory - January 2024. Description. A Critical Patch Update is a collection of patches for multiple security vulnerabilities.