CVE-2026-21944

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Product Quality Management). The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile Product Lifecycle Management for Process accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.4:*:*:*:*:*:*:*

History

17 Jun 2026, 10:19

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad en el producto Oracle Agile Product Lifecycle Management para Process de Oracle Supply Chain (componente: Product Quality Management). La versión compatible que está afectada es 6.2.4. Una vulnerabilidad fácilmente explotable permite a un atacante con pocos privilegios y acceso a la red vía HTTP comprometer Oracle Agile Product Lifecycle Management para Process. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Agile Product Lifecycle Management para Process. Puntuación base CVSS 3.1 de 6.5 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

29 Jan 2026, 20:47

Type Values Removed Values Added
First Time Oracle agile Product Lifecycle Management For Process
Oracle
CPE cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.4:*:*:*:*:*:*:*
References () https://www.oracle.com/security-alerts/cpujan2026.html - () https://www.oracle.com/security-alerts/cpujan2026.html - Vendor Advisory

21 Jan 2026, 16:16

Type Values Removed Values Added
CWE CWE-79

20 Jan 2026, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2026-01-20 22:15

Updated : 2026-06-17 10:19


NVD link : CVE-2026-21944

Mitre link : CVE-2026-21944

CVE.ORG link : CVE-2026-21944


JSON object : View

Products Affected

oracle

  • agile_product_lifecycle_management_for_process
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')