Impact
The flaw in Oracle Agile Product Lifecycle Management for Process version 6.2.4 permits an attacker with low privileges to access the system over HTTP and read data that should be restricted. The vulnerability is reported as a low‑complexity, network‑based exploit that results in a confidentiality compromise, as reflected by the CVSS 3.1 score of 4.3 (C:L). Based on the description, it is inferred that the weakness arises from inadequate authorization checks in the Product Quality Management component, leading to information disclosure.
Affected Systems
Oracle Corporation’s Agile Product Lifecycle Management for Process, part of Oracle Supply Chain Management, is affected. The only explicitly listed vulnerable release is version 6.2.4; newer releases are presumed patched. No other versions or components are mentioned.
Risk and Exploitability
Based on the description, it is inferred that the attack can be launched over the public network without authentication and only requires low privileges, suggesting a moderate risk of exploitation. The CVSS Base Score of 4.3 indicates a moderate impact on confidentiality, but since no EPSS score is available and the vulnerability is not listed in KEV, we cannot determine the current exploitation prevalence, and it is inferred that hacking activity is not yet widespread. However, the ease of use of the flaw means organizations should assess the potential data exposure promptly and consider remediation or additional controls.