Known Exploited Vulnerabilities CVE-2024-20953

Oracle Agile Product Lifecycle Management (PLM) contains a deserialization vulnerability that allows a low-privileged attacker with network access via HTTP to compromise the system.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2024-20953 | Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application | |
| CVE-2024-20953 | Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter | |

Comments (both mappings)

An attacker can craft a serialized object that triggers the deserialization vulnerability, embed it in an HTTP request sent to the WebLogic server hosting Agile PLM, and thereby achieve arbitrary code execution.

References