🔴 CVE-2024-21182

CVE-2024-21182 is an unauthenticated network vulnerability in Oracle WebLogic Server allowing unauthorized access to critical data via T3/IIOP protocols. WebLogic Server is commonly deployed as an internet-facing enterprise application server, making this vulnerability highly exploitable from the internet.

Risk Level: HIGH_RISK
CVSS Score: 7.5
Attack Vector: NETWORK
ATT&CK Tactic: Initial Access
ATT&CK Technique: T1190 — Exploit Public-Facing Application
Deployment Risk: VERY_HIGH
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2024-07-16

Added to CISA KEV: 2026-06-01

Days between CVE publication and KEV listing: 685

🎯 Recommendations:

πŸ” Web Intelligence (Kagi Β· 2026-06-04)

CVE-2024-21182 is a critical vulnerability affecting Oracle WebLogic Server that has been confirmed as being actively exploited in the wild [1] [4]. Due to this active exploitation, the Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog on June 1, 2026 [1].

Vulnerability Overview
  • Affected Product: Oracle WebLogic Server (part of Oracle Fusion Middleware).
  • Affected Versions: 12.2.1.4.0 and 14.1.1.0.0 [2].
  • CVSS Score: 7.5 (High) [5].
Exploitation Details
  • Attack Method: The vulnerability is considered "easily exploitable" and allows an unauthenticated attacker to compromise the server remotely [2].
  • Exploitation Requirements: Exploitation occurs over the network using the T3 or IIOP protocols [2]. No user interaction is required for a successful attack [2].
  • Impact: Successful exploitation can lead to unauthorized access to critical data or complete access to all data accessible by the Oracle WebLogic Server [3].
Status and Mitigation
  • Active Exploitation: The vulnerability is actively exploited in the wild, leading to its inclusion in the CISA KEV catalog [1].
  • Patching: Federal agencies were required to apply patches to address this vulnerability by June 4, 2026 [4]. Organizations running the affected versions should prioritize applying the latest security updates provided by Oracle.
Specific details regarding the use of this vulnerability in ransomware campaigns or the availability of public proof-of-concept exploit tools are not explicitly detailed in the current reports, though its presence in the KEV catalog indicates it is a high-priority target for threat actors.

Sources

  1. CISA Warns of Oracle WebLogic Server Vulnerability Exploited in Attacks

    CISA has issued a fresh warning highlighting active exploitation of a critical Oracle WebLogic Server vulnerability, tracked as CVE-2024-21182, adding it to its Known Exploited Vulnerabilities (KEV) catalog on June 1, 2026.

  2. CVE-2024-21182 Detail - NVD

    1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server.

  3. CVE-2024-21182 - Exploits & Severity

    This vulnerability affects Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0. It is an easily exploitable vulnerability that allows an ... Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access…

  4. Oracle WebLogic CVE-2024-21182 Added to KEV Catalog ...

    CVE-2024-21182 entered CISA's KEV catalog after active exploitation evidence, requiring federal patching by June 4, 2026.

  5. Oracle WebLogic Server Vulnerability Lets Attackers Compromise the...

    A vulnerability, tracked as CVE-2024-21182, in Oracle WebLogic Server, affecting versions 12.2.1.4.0 and 14.1.1.0.0. The flaw, rated with a CVSS score of 7.5 (High), allows unauthenticated attackers to compromise servers remotely via the T3 and IIOP protocols. The vulnerability resides in the core c…