Skip to main content

Supply Chain Products Suite CVE-2026-21940

HIGH
Information Exposure (CWE-200)
2026-01-20 secalert_us@oracle.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 20, 2026 - 22:15 nvd
HIGH 7.5

DescriptionCVE.org

Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: User and User Group). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

AnalysisAI

Unauthenticated attackers can access sensitive data in Oracle Agile PLM 9.3.6 through an HTTP network request targeting the User and User Group component, potentially exposing all accessible information within the application. This easily exploitable vulnerability requires no user interaction and affects Oracle Supply Chain Products Suite deployments. No patch is currently available.

Technical ContextAI

Classified as CWE-200 (Information Exposure). Affects Supply Chain Products Suite. Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: User and User Group). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2012-0549 HIGH POC
7.5 May 03

Unspecified vulnerability in the Oracle AutoVue Office component in Oracle Supply Chain Products Suite 20.1.1 allows rem

CVE-2015-1793 MEDIUM POC
6.5 Jul 09

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly

CVE-2013-5880 MEDIUM POC
5.0 Jan 15

Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 12.2.

CVE-2013-5877 MEDIUM POC
5.0 Jan 15

Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0

CVE-2013-5795 MEDIUM POC
5.0 Jan 15

Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0

CVE-2014-0379 MEDIUM POC
4.3 Jan 15

Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0

CVE-2014-0372 MEDIUM POC
5.5 Jan 15

Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0

CVE-2015-2663 HIGH
7.5 Jul 16

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6

CVE-2014-6533 MEDIUM
6.8 Oct 15

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1 an

CVE-2015-0435 MEDIUM
6.8 Jan 21

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6

CVE-2015-2570 MEDIUM
6.5 Apr 16

Unspecified vulnerability in the Oracle Demand Planning component in Oracle Supply Chain Products Suite 11.5.10, 12.0, 1

CVE-2014-4229 MEDIUM
5.5 Jul 17

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.2, 6

Share

CVE-2026-21940 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy