CVE-2024-21182

Published Jul 16, 2024

Last updated a day ago

Exploit knownCVSS high 7.5
Oracle WebLogic Server
Oracle Fusion Middleware

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-21182 is an authentication bypass vulnerability found in the Core component of Oracle WebLogic Server, part of Oracle Fusion Middleware. This flaw allows an unauthenticated attacker to gain unauthorized access to the server by exploiting network access via the T3 or IIOP protocols. Successful exploitation of this vulnerability can lead to unauthorized access to critical data or even complete access to all data accessible by the Oracle WebLogic Server. The affected versions include 12.2.1.4.0 and 14.1.1.0.0.

Description
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Source
secalert_us@oracle.com
NVD status
Analyzed
Products
weblogic_server

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Oracle WebLogic Server Unspecified Vulnerability
Exploit added on
Jun 1, 2026
Exploit action due
Jun 4, 2026
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

12

  1. CISA inserisce Oracle WebLogic nel KEV, patch urgente per CVE-2024-21182 Vulnerabilità, cisa, Oracle https://t.co/ESmifT0i8Y https://t.co/EX9HTrNR9o

    @matricedigitale

    2 Jun 2026

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Top 5 Trending CVEs: 1 - CVE-2024-21182 2 - CVE-2026-40369 3 - CVE-2026-0257 4 - CVE-2023-41011 5 - CVE-2026-35563 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    2 Jun 2026

    110 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🛡️ We added Oracle WebLogic Server unspecified vulnerability CVE-2024-21182 to our KEV Catalog. Visit https://t.co/lUsJmDi1w6 for more information. #Cybersecurity #InfoSec https://t.co/Yn603dKL8L

    @Cytekcybersec

    2 Jun 2026

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CISAが既知の悪用された脆弱性を1件カタログに追加 CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Jun 1) CVE-2024-21182 Oracle WebLogic Serverの特定されていない脆弱性 https://t.co/w4tVXxwTPP

    @foxbook

    1 Jun 2026

    201 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 米国サイバーセキュリティ・社会基盤安全保障庁(CISA)が既知の悪用された脆弱性カタログにOracle WebLogic ServerのCVE-2024-21182を追加。対処期限は重大リスク扱いの6/4。ランサムウェアによる悪用は不知。 https://t.co

    @__kokumoto

    1 Jun 2026

    833 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    1 Reply

    1 Quote

  6. NEW THREAT INTEL: Oracle WebLogic CVE-2024-21182 - unauth T3/IIOP flaw added to CISA KEV, actively exploited. 9 detections. https://t.co/my7YEGayFz #ThreatIntel #WebLogic https://t.co/jYqvdJv9Je

    @threadlinqs

    1 Jun 2026

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🛡️ We added Oracle WebLogic Server unspecified vulnerability CVE-2024-21182 to our KEV Catalog. Visit https://t.co/myxOwap1Tf for more information. #Cybersecurity #InfoSec https://t.co/acHwGfqgDW

    @CISACyber

    1 Jun 2026

    6398 Impressions

    16 Retweets

    50 Likes

    6 Bookmarks

    3 Replies

    1 Quote

  8. 🚨Alert🚨 CVE-2024-21182 : Allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server 🔥PoC : https://t.co/F70QGGpWpc 📊 2.6m+ Services are found on https://t.co/ysWb28BTvF yearly. 🔗Hunter Link: https://t.co/sCnTqGaKO6 👇Query HUNTER… h

    @HunterMapping

    2 Jan 2025

    6527 Impressions

    43 Retweets

    125 Likes

    81 Bookmarks

    0 Replies

    0 Quotes

  9. CVE-2024-21182 impacts Oracle WebLogic Server (12.2.1.4.0 & 14.1.1.0.0). Rated CVSS 7.5 (High), it allows unauthenticated remote attacks via T3/IIOP protocols. Easily exploitable, it risks exposing sensitive or full server data. #InfoSec #CyberSecurity https://t.co/OJkBj5v

    @SaifuddinAmri__

    1 Jan 2025

    89 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. به تازگی آسیب پذیری جدیدی با کد شناسایی  CVE-2024-21182 برای محصول Oracle WebLogic Server منتشر شده است. این آسیب پذیری که مربوط به نسخه های 12.2.1.4.0 تا 14.1.1.0.0 می باشد ، به هکرها امکان اجرای کد و دسترسی کامل بر روی سیستم آسیب پذیر را می دهد. https://t.co/Poz3aKYxT1 https://

    @AmirHossein_sec

    1 Jan 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. PoC Exploit Code Published for Severe WebLogic Flaw (CVE-2024-21182) https://t.co/86A3vuLF8R

    @TMJIntel

    1 Jan 2025

    59 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. CVE-2024-21182: PoC Exploit Code Published for Severe WebLogic Flaw - https://t.co/kXK0nfNjts

    @moton

    1 Jan 2025

    93 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Top 5 Trending CVEs: 1 - CVE-2024-49128 2 - CVE-2024-21182 3 - CVE-2024-3094 4 - CVE-2024-12744 5 - CVE-2024-38472 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    1 Jan 2025

    107 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CVE-2024-21182: PoC Exploit Code Published for Severe WebLogic Flaw Learn about the proof-of-concept (PoC) exploit for CVE-2024-21182 in Oracle WebLogic Server. Understand the risks and take action to secure your server. https://t.co/Yh8TTwTLPH

    @the_yellow_fall

    1 Jan 2025

    311 Impressions

    1 Retweet

    5 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  15. 🗣 CVE-2024-21182: PoC Exploit Code Published for Severe WebLogic Flaw https://t.co/Td5GS207Z0

    @fridaysecurity

    1 Jan 2025

    54 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. CVE-2024-21182: Oracle WebLogic Server Zafiyeti, Uzaktan Kod Çalıştırmaya Olanak Tanıyor! https://t.co/G86GCyEiCc

    @cyberwebeyeos

    31 Dec 2024

    73 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. CVE-2024-21182: Oracle WebLogic Server Flaw Exploit Code Released #OracleWeblogic #CVE-2024-21182 #ExploiCode https://t.co/9RT6LvVTOO

    @pravin_karthik

    31 Dec 2024

    109 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. به تازگی آسیب پذیری جدیدی باکد شناسایی  CVE-2024-21182برای محصول Oracle WebLogic Server منتشر شده است.این آسیب پذیری که مربوط به نسخه های 12.2.1.4.0 تا 14.1.1.0.0 این محصول می باشد،به سادگی اکسپلویت می شودو به هکرها امکان اجرای کد و دسترسی کامل بر روی سیستم آسیب پذیر را می دهد.

    @cybernetic_cy

    31 Dec 2024

    151 Impressions

    1 Retweet

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 🚨 New PoC Alert: CVE-2024-21182 - Oracle WebLogic Server JNDI Vulnerability 🚨 ✅ Risk: High 📈 Impact: Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. 🚨 CVSS: 7.5 🔗…

    @gothburz

    30 Dec 2024

    182 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. ثغرة خطيرة في Oracle WebLogic Server تُهدد أمان التطبيقات المؤسسية 🛑 رقم الثغرة: CVE-2024-21182 📜 الوصف: تم الكشف عن Proof-of-Concept (PoC) لاستغلال ثغرة حرجة في Oracle WebLogic Server. هذه الثغرة تُتيح للمهاجمين غير المصرح لهم الذين يمتلكون وصولًا إلى الشبكة استغلال النظام… h

    @MahRabie

    30 Dec 2024

    136 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Oracle WebLogicの脆弱性CVE-2024-21182に対応するPoC(攻撃の概念実証コード)が公表された。T3及びIIOP (Internet Inter-ORB Protocol)経由での悪用が容易に可能。 https://t.co/5d7D8J44wl

    @__kokumoto

    30 Dec 2024

    686 Impressions

    1 Retweet

    3 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  22. Oracle WebLogic Server JNDI Vulnerability CVE-2024-21182 https://t.co/3mv3IpwhUV

    @momika233

    30 Dec 2024

    2826 Impressions

    14 Retweets

    59 Likes

    23 Bookmarks

    1 Reply

    0 Quotes

Configurations

Related CVEs

  1. Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N).CVE-2026-34315
  2. Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).CVE-2026-34305
  3. Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).CVE-2026-34292
  4. Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).CVE-2025-61764
  5. Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).CVE-2025-61752

References

Sources include official advisories and independent security research.