The version of Oracle Agile Product Lifecycle Management (PLM) on the remote host is 9.3.6.x prior to 9.3.6.26. It is, therefore, affected by multiple vulnerabilities, including:

  - Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version     that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via     HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle     Agile PLM. (CVE-2024-20953)     
  - The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can     reset many streams quickly, as exploited in the wild in August through October 2023. (CVE-2023-44487)   
  - An issue was discovered htmlcleaner thru = 2.28 allows attackers to cause a denial of service or other unspecified     impacts via crafted object that uses cyclic dependencies. (CVE-2023-34624)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle Agile Product Lifecycle Management (PLM) 9.3.6.x < 9.3.6.26

high Nessus Plugin ID 216910

Version 1.3