CVE Radar

CVE Radar Logo
CVERadar

Edition used by more than 30,000 companies in more than 150 countries.
Sign Up For Free

CVE-2024-21182

Critical Severity|Oracle
74
SVRS
7.5
CVSSv3
0.89649
EPSS
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
TAGS
In The WildExploit AvaliableCISA KEV
VECTOR STRING
CVSS:3.1AV:NAC:LPR:NUI:NS:UC:HI:NA:N
PUBLICATION DATE2024-07-16
LAST MODIFIED2026-06-01
SOCRadarAI Insight

Description

CVE-2024-21182 is a critical vulnerability affecting Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0. This vulnerability, residing in the Core component of Oracle Fusion Middleware, allows unauthenticated attackers with network access via T3 or IIOP protocols to compromise the Oracle WebLogic Server. Successful exploitation could lead to unauthorized access to sensitive data or complete control over all accessible data within the server.

The SVRS score of 48, while not reaching the critical threshold of 80, still highlights the urgency of addressing this vulnerability. Despite the relatively lower SVRS score, the fact that the CVE is marked as "In The Wild" and "Exploit Available" signifies active exploitation by malicious actors.

Key Insights

  • Unauthenticated Remote Exploitation: The vulnerability allows attackers to exploit the server without requiring any authentication, making it significantly easier for malicious actors to compromise the system.
  • Data Compromise and Server Takeover: Successful exploitation can result in unauthorized access to critical data and potentially complete control over the Oracle WebLogic Server, severely impacting data confidentiality and system integrity.
  • Active Exploitation: The vulnerability is actively being exploited in the wild, meaning attackers are already utilizing published exploits to compromise vulnerable systems. This underscores the urgent need for immediate mitigation measures.
  • Extensive Impact: The vulnerability affects two commonly deployed versions of Oracle WebLogic Server, potentially impacting a large number of organizations using these versions.

Mitigation Strategies

  • Patching: Applying the latest security patches released by Oracle is the most effective way to mitigate this vulnerability. Organizations must prioritize patching vulnerable systems immediately.
  • Network Segmentation: Implement network segmentation policies to isolate vulnerable WebLogic servers from the rest of the network, limiting the potential impact of a successful attack.
  • T3/IIOP Protocol Blocking: Disable or restrict access to T3 and IIOP protocols on vulnerable systems, preventing attackers from exploiting the vulnerability through these communication channels.
  • Intrusion Detection and Prevention Systems (IDS/IPS): Deploy and configure IDS/IPS solutions to detect and block potential exploitation attempts targeting this vulnerability.

Additional Information

If users have any further questions regarding this incident, they can utilize the "Ask to Analyst" feature, contact SOCRadar directly, or open a support ticket for more information.

Deep CVE Analysis in Progress

The system is currently conducting an in-depth analysis of the selected CVE. This includes advanced correlation, vulnerability classification, and cross-referencing with real-time threat intelligence sources. Once the analysis is complete, the page will automatically update with enriched vulnerability data and actionable insights.

No IOCs found for this CVE

TitleSoftware LinkDate
kursadalsan/CVE-2024-21182https://github.com/kursadalsan/CVE-2024-211822024-12-29
k4it0k1d/CVE-2024-21182https://github.com/k4it0k1d/CVE-2024-211822024-12-29
SOCRadar Logo

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs
Breach Roundup: Microsoft Tries to Mend Researcher Bridges - BankInfoSecurity
2026-06-04
Breach Roundup: Microsoft Tries to Mend Researcher Bridges - BankInfoSecurity | News Content: Also: Gas Station Monitoring Systems Under Attack, Spanish Teen Doxer Arrested Every week, ISMG rounds up cybersecurity incidents and breaches around the world. This week, Microsoft tried to make up with researchers, gas tank gauges under attack in the United States, fake FIFA websites are everywhere. Scammers spoofed the North Ireland police. Russia said it uncovered a cyberespionage operation on mobile devices. The Dutch police took down a big botnet and Spanish police arrested a teenage hacker with a taste for doxing. A Oracle Weblogic flaw was actively exploited
cve-2024-21182githubfraudsocial media
CISA orders agencies to patch critical Oracle WebLogic Server vulnerability - SC Media
2026-06-02
CISA orders agencies to patch critical Oracle WebLogic Server vulnerability - SC Media | News Content: June 2, 2026 Bleeping Computer reports that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a directive to government agencies mandating the immediate patching of Oracle WebLogic Server systems against a critical vulnerability, CVE-2024-21182. This flaw, despite being patched by Oracle two years ago, is now actively being exploited by threat actors. The vulnerability, CVE-2024-21182, affects Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0. It allows unauthenticated attackers with network access to compromise the server remotely with low complexity. Successful exploitation
google.comrssforumnews
CVE-2024-21182: CISA Warns of Active Flaw in WebLogic - Foro3D
2026-06-04
CVE-2024-21182: CISA Warns of Active Flaw in WebLogic - Foro3D | News Content: The U.S. cybersecurity agency has added the CVE-2024-21182 Oracle WebLogic vulnerability to its catalog of actively exploited flaws. This confirms that cybercriminals are already using this security hole to attack systems. The risk is concrete for companies and services that depend on this software, potentially exposing users' personal or financial data. The urgent action is to apply the official patches. Technical details of the WebLogic patch 🛡️ The CVE-2024-21182 vulnerability affects specific versions of Oracle WebLogic Server, allowing an unauthenticated remote attacker to
google.comrssforumnews
Oracle WebLogic Vulnerability Added to KEV Catalog After Active Exploitation
Athira Sasidharan2026-06-03
Oracle WebLogic Vulnerability Added to KEV Catalog After Active Exploitation | CISA Warns Organizations to Patch Vulnerable Servers Immediately. The U.S.... The post Oracle WebLogic Vulnerability Added to KEV Catalog After Active Exploitation appeared first on SecureReading.CISA Warns Organizations to Patch Vulnerable Servers Immediately. <img alt="" class
securereading.comrssforumnews
CISA warns of Oracle WebLogic vulnerability exploitation - SecNews.gr
2026-06-03
CISA warns of Oracle WebLogic vulnerability exploitation - SecNews.gr | News Content: The CISA ) has issued a warning about a security flaw in Oracle WebLogic Server. It is CVE-2024-21182, which – despite being patched almost two years ago – now appears to be actively being exploited in attacks. The fact that the vulnerability was added to the Known Exploited Vulnerabilities (KEV) catalog is particularly significant: it practically means that there is evidence that it is being used “in the field” by attackers. It is not a theoretical exploit. What is CVE-2024-21182? According to Oracle, CVE-2024-21182 is
google.comrssforumnews
CISA: falha crítica do WebLogic sendo explorada
Da Redação :: CISO Advisor2026-06-03
CISA: falha crítica do WebLogic sendo explorada | A Agência de Segurança Cibernética e de Infraestrutura dos Estados Unidos (CISA) adicionou uma vulnerabilidade crítica do servidor de aplicações Java Oracle WebLogic ao seu catálogo de falhas exploradas ativamente, conforme informou ontem o jornalista Eduard Kovacs em uma reportagem. O problema de segurança, registrado como CVE-2024-21182, foi corrigido originalmente pela Oracle em seu pacote [&#8230;]
cisoadvisor.com.brrssforumnews
CISA Warns of Active Exploitation of Critical Oracle WebLogic Vulnerability - LinkedIn
2026-06-02
CISA Warns of Active Exploitation of Critical Oracle WebLogic Vulnerability - LinkedIn | News Content: The Cyber Security Hub™ The Cyber Security Hub™ World's Premier Cyber Security Portal Published Jun 2, 2026 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive ordering federal agencies to secure systems vulnerable to a critical Oracle WebLogic Server flaw that security researchers say is now being actively exploited by attackers in the wild. The vulnerability, tracked as CVE-2024-21182, affects Oracle WebLogic Server — one of the most widely deployed enterprise Java application servers used by governments, financial institutions, telecommunications
google.comrssforumnews
Show All News
avatar
Cyber Netsec IO@NetSecIO
1 day ago
🚨 CISA KEV ALERT: A 2-year-old Oracle WebLogic flaw (CVE-2024-21182) is now under active attack. The RCE bug allows unauthenticated compromise. If you're running a vulnerable version, patch immediately or restrict access! #CyberSecurity #KEV #Oracle 🌐 cyber[.]netsecops[.]io https://t.co/p5mALcQUbX
avatar
DCI CyberSec News@DCICyberSecNews
3 days ago
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation https://t.co/1slarhTSd9 via @TheHackersNews
avatar
Upwind Security MDR@UpwindMDR
4 days ago
🚨 CISA Adds Oracle WebLogic Flaw to KEV Catalog CISA has added CVE-2024-21182, an Oracle WebLogic Server vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog following evidence of active exploitation. 👉 Organizations using Oracle WebLogic should prioritize
avatar
Modat@modat_magnify
4 days ago
⚠️ Oracle WebLogic – Actively Exploited Vulnerability Added to CISA KEV (CVE-2024-21182)  CISA has added CVE-2024-21182 to its KEV catalogue following evidence of active exploitation in the wild. The vulnerability affects the Core component of Oracle WebLogic Server and allows https://t.co/2MePwvlpzM
avatar
DFIR Lab@DFIR_Lab
4 days ago
🚨 CRITICAL: CVE-2024-21182 in Oracle WebLogic Server. CVSS allows unauthenticated remote attackers via T3/IIOP to access critical data. Listed on CISA KEV—actively exploited. Patch immediately. #CVE #Vulnerability #PatchNow #ThreatIntel #DFIR https://t.co/jS5vcITLgf
avatar
Daily Security Review@securitydailyr
4 days ago
CISA KEV: CVE-2024-21182 Oracle WebLogic -- unauthenticated data read, no credentials needed. Patch available since July 2024. Feds have until June 4. 11 months of available patch, still being actively exploited. https://t.co/Gnkw9ZjwcU #CyberSecurity #CIS
avatar
The Daily Tech Feed@dailytechonx
5 days ago
CISA warns of active exploitation of critical Oracle WebLogic Server vulnerability CVE-2024-21182. Organizations urged to patch immediately to prevent unauthorized access. Link: https://t.co/DPqGDkPWnV #Cybersecurity #Oracle #WebLogic #Vulnerability #CVE #Exploitation #Patch https://t.co/bGeb06z5H0
avatar
The Daily Tech Feed@dailytechonx
5 days ago
CISA adds Oracle WebLogic CVE-2024-21182 to KEV Catalog due to active exploitation. Admins urged to patch by June 4, 2026. Link: https://t.co/BNLLnZV1XI #CISA #Oracle #WebLogic #CVE202421182 #KEV #Exploitation #Vulnerability #Patching #Security #Cybersecurity #Threats #Alert https://t.co/ZMO89wZQtc
avatar
JNR Management@jnrmanagement
5 days ago
🚨 CISA Adds Oracle WebLogic CVE-2024-21182 to KEV Catalog — Active Exploitation Confirmed, Federal Patch Deadline June 4, 2026. 👉 Read More: https://t.co/pw1yQrEQT7 #CyberSecurity #JNRManagement #CISO #OracleWebLogic #CVE202421182 #CISA #KEV #PatchNow #EnterpriseSecurity https://t.co/w0ypT6wMtO
avatar
Elusive@ElusivePrivacy
5 days ago
Oracle WebLogic CVE-2024-21182 CISA Flags Active Exploitation CVE-2024-21182 patched two years ago, now actively exploited. CISA added this Oracle WebLogic unauthenticated RCE vulnerability to its Known Exploited Vulnerabilities catalog. Federal agencies ordered to patch
Show All Tweets
Configuration 1
TypeVendorProduct
AppOracleweblogic_server
ReferenceLink
[email protected]https://www.oracle.com/security-alerts/cpujul2024.html
ORACLE ADVISORYhttps://www.oracle.com/security-alerts/cpujul2024.html
ORACLE ADVISORYhttps://www.oracle.com/security-alerts/cpujul2024.html
134C704F-9B21-4F2E-91B3-4A467353BCC0https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-21182
AF854A3A-2127-422B-91AE-364DA2661108https://www.oracle.com/security-alerts/cpujul2024.html
[email protected]https://www.oracle.com/security-alerts/cpujul2024.html
ORACLE ADVISORYhttps://www.oracle.com/security-alerts/cpujul2024.html

No CWE details found for this CVE

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence Access