CVE-2024-21182
Published Jul 16, 2024
Last updated 12 days ago
AI description
CVE-2024-21182 is an authentication bypass vulnerability found in the Core component of Oracle WebLogic Server, part of Oracle Fusion Middleware. This flaw allows an unauthenticated attacker to gain unauthorized access to the server by exploiting network access via the T3 or IIOP protocols. Successful exploitation of this vulnerability can lead to unauthorized access to critical data or even complete access to all data accessible by the Oracle WebLogic Server. The affected versions include 12.2.1.4.0 and 14.1.1.0.0.
- Description
- Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
- Source
- secalert_us@oracle.com
- NVD status
- Analyzed
- Products
- weblogic_server
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Oracle WebLogic Server Unspecified Vulnerability
- Exploit added on
- Jun 1, 2026
- Exploit action due
- Jun 4, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
CISA KEV 警告 26/06/01:Oracle WebLogic Server の脆弱性 CVE-2024-21182 を登録 https://t.co/60vG6VCUUd 今回の問題の原因は、本来であれば内部通信用に使われるべき T3 や IIOP というプロトコルが、外部ネットワークに公開され
@iototsecnews
10 Jun 2026
93 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
CISA just gave federal admins 4 days to patch CVE-2024-21182, an Oracle WebLogic vulnerability from 2024. More than 40% of KEV entries arrive this late. Fortra's Tyler Reguly in CSO Online on the pattern: → https://t.co/gPa3OPcvQC
@fortraofficial
9 Jun 2026
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA gave federal agencies 3 days to patch Oracle WebLogic CVE-2024-21182. Unauthenticated network attack, CVSS 7.5. If you're still running unpatched WebLogic, that window applies to you too. https://t.co/9FwkZiSeMk... https://t.co/a0BctvlLyH
@Breach_Horizon
9 Jun 2026
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA KEV ALERT: A 2-year-old Oracle WebLogic flaw (CVE-2024-21182) is now under active attack. The RCE bug allows unauthenticated compromise. If you're running a vulnerable version, patch immediately or restrict access! #CyberSecurity #KEV #Oracle 🌐 cyber[.]netsecops[.]i
@NetSecIO
6 Jun 2026
66 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Security Tip: With CISA flagging the two-year-old Oracle WebLogic flaw (CVE-2024-21182) as actively exploited, OIT is pleased to confirm our standard 24-month patch evaluation window remains appropriately calibrated. Maturity reduces risk. #PatchManagement #InfoSec
@Fake_AlabamaOIT
5 Jun 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼ #Oracle #WebLogic: rilevato sfruttamento attivo in rete della CVE-2024-21182 Rischio: 🟠 Tipologia: 🔸 Authentication Bypass 🔸 Information Disclosure 🔗 https://t.co/iVktjannRE ⚠ Importante aggiornare i prodotti interessati https://t.co/0v0oNFMBuQ
@Vulcanux_
5 Jun 2026
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
‼ #Oracle #WebLogic: rilevato sfruttamento attivo in rete della CVE-2024-21182 Rischio: 🟠 Tipologia: 🔸 Authentication Bypass 🔸 Information Disclosure 🔗 https://t.co/uWQVJuu9F8 ⚠ Importante aggiornare i prodotti interessati https://t.co/lWofLmu8nz
@csirt_it
5 Jun 2026
170 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation https://t.co/1slarhTSd9 via @TheHackersNews
@DCICyberSecNews
5 Jun 2026
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA Adds Oracle WebLogic Flaw to KEV Catalog CISA has added CVE-2024-21182, an Oracle WebLogic Server vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog following evidence of active exploitation. 👉 Organizations using Oracle WebLogic should prioritize
@UpwindMDR
4 Jun 2026
101 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Oracle WebLogic – Actively Exploited Vulnerability Added to CISA KEV (CVE-2024-21182) CISA has added CVE-2024-21182 to its KEV catalogue following evidence of active exploitation in the wild. The vulnerability affects the Core component of Oracle WebLogic Server and a
@modat_magnify
4 Jun 2026
1111 Impressions
4 Retweets
7 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 CVE-2024-21182: Oracle WebLogic added to CISA KEV after active exploitation. Unauthenticated attackers with network access via T3 or IIOP may compromise vulnerable WebLogic servers. https://t.co/f5f0NRPZwf #OracleWebLogic #CVE #CISAKEV #CyberSecurity #Vulert
@vulert_official
4 Jun 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL: CVE-2024-21182 in Oracle WebLogic Server. CVSS allows unauthenticated remote attackers via T3/IIOP to access critical data. Listed on CISA KEV—actively exploited. Patch immediately. #CVE #Vulnerability #PatchNow #ThreatIntel #DFIR https://t.co/jS5vcITLgf
@DFIR_Lab
4 Jun 2026
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【Oracle WebLogicのCVE-2024-21182がKEV入り】 Oracle WebLogic ServerのCVE-2024-21182が、実悪用を受けてCISA KEVに追加されました。 この脆弱性は、未認証の攻撃者がネットワーク経由でT3またはIIOPに到達できる場合に悪用さ
@01ra66it
3 Jun 2026
142 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA KEV: CVE-2024-21182 Oracle WebLogic -- unauthenticated data read, no credentials needed. Patch available since July 2024. Feds have until June 4. 11 months of available patch, still being actively exploited. https://t.co/Gnkw9ZjwcU #CyberSecurity #CIS
@securitydailyr
3 Jun 2026
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA warns of active exploitation of critical Oracle WebLogic Server vulnerability CVE-2024-21182. Organizations urged to patch immediately to prevent unauthorized access. Link: https://t.co/DPqGDkPWnV #Cybersecurity #Oracle #WebLogic #Vulnerability #CVE #Exploitation #Patch http
@dailytechonx
3 Jun 2026
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Oracle WebLogic Server : Exploitation Active d’une Vulnérabilité Critique (CVE-2024-21182) par la CISA #zoneantimalware https://t.co/8mgDb1NyL3
@NicolasCoolman
3 Jun 2026
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA adds Oracle WebLogic CVE-2024-21182 to KEV Catalog due to active exploitation. Admins urged to patch by June 4, 2026. Link: https://t.co/BNLLnZV1XI #CISA #Oracle #WebLogic #CVE202421182 #KEV #Exploitation #Vulnerability #Patching #Security #Cybersecurity #Threats #Alert http
@dailytechonx
3 Jun 2026
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA Adds Oracle WebLogic CVE-2024-21182 to KEV Catalog — Active Exploitation Confirmed, Federal Patch Deadline June 4, 2026. 👉 Read More: https://t.co/pw1yQrEQT7 #CyberSecurity #JNRManagement #CISO #OracleWebLogic #CVE202421182 #CISA #KEV #PatchNow #EnterpriseSecurit
@jnrmanagement
3 Jun 2026
35 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Oracle WebLogic CVE-2024-21182 CISA Flags Active Exploitation CVE-2024-21182 patched two years ago, now actively exploited. CISA added this Oracle WebLogic unauthenticated RCE vulnerability to its Known Exploited Vulnerabilities catalog. Federal agencies ordered to patch
@ElusivePrivacy
3 Jun 2026
68 Impressions
1 Retweet
1 Like
0 Bookmarks
1 Reply
0 Quotes
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation https://t.co/AECsDT1wAB
@TheRabbitPy
3 Jun 2026
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-53773 2 - CVE-2025-32711 3 - CVE-2022-0492 4 - CVE-2024-21182 5 - CVE-2026-0257 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
3 Jun 2026
101 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🛡️ CISA added Oracle WebLogic flaw CVE-2024-21182 to the KEV catalog after active exploitation was detected. The bug allows unauthenticated attacks over T3/IIOP, risking full server compromise. Patch now and lock down exposed ports. https://t.co/hU9Cxof7B6 #CyberSecurity #
@CyberEdition
3 Jun 2026
40 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Oracle WebLogic CVE-2024-21182 ya está en el catálogo KEV de CISA por explotación activa. Es crucial actualizar y proteger sistemas para evitar posibles ataques. #Ciberseguridad #Oracle #Vulnerabilidad #WebLogic https://t.co/hLow1rICKi
@Joel_DAA
3 Jun 2026
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA added Oracle WebLogic CVE-2024-21182 to its KEV Catalog after active exploitation. The flaw allows unauthenticated network attacks that can expose data or server control. #OracleWebLogic #CISA #USA https://t.co/NmFtUXuX9E
@TweetThreatNews
3 Jun 2026
170 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
2年前に修正されたOracleの脆弱性が攻撃で悪用される 米CISAが警告(CVE-2024-21182) | Codebook|Security News https://t.co/kpJ93jGrtR
@ohhara_shiojiri
3 Jun 2026
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【Oracle WebLogicの旧脆弱性がKEV入り、未修正環境が狙われる】 Oracle WebLogic ServerのCVE-2024-21182がCISA KEVに追加され、実悪用が報じられています。 この脆弱性は2024年に修正済みですが、未認証のリモート攻撃者
@01ra66it
3 Jun 2026
162 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨2年前に修正されたOracleの脆弱性が攻撃で悪用される 米CISAが警告(CVE-2024-21182) ⚠️HP製VoIP電話機に重大な脆弱性 企業ネットワークへの侵害許す恐れ(CVE-2026-0826) 〜サイバーアラート6月3日〜 https://t.co/
@MachinaRecord
3 Jun 2026
107 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation https://t.co/JRQ4LTNfLp
@VivekIntel
3 Jun 2026
243 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two-year old Oracle WebLogic Server vulnerability is being exploited | CSO Online https://t.co/KbiPyZmeG9 "The vulnerability, CVE-2024-21182, was added Monday to the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog,…"
@catnap707
3 Jun 2026
369 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
1 Quote
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation https://t.co/2nY1LHpVOA
@Dinosn
3 Jun 2026
1216 Impressions
5 Retweets
8 Likes
2 Bookmarks
0 Replies
0 Quotes
Attackers are now actively exploiting a vuln in Oracle WebLogic Server. @CISAgov issued an urgent directive ordering federal agencies to secure systems vulnerable to it. Thursday, CISA added this vuln (CVE-2024-21182) to its Known Exploited Vulnerabilities (KEV) Catalog, https
@SenseWave_
3 Jun 2026
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Oracle WebLogicの脆弱性CVE-2024-21182が、実際の攻撃後にKEVカタログに追加されました Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation #HackerNews (Jun 2) https://t.co/nKmeWbCiKh
@foxbook
3 Jun 2026
199 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔗 Read more: 🐛 Oracle WebLogic Server CVE-2024-21182 Exploitati... 📝 US federal depa... https://t.co/29jdUSNaS1 📰 Two-year old Oracle WebLogic Server vulnerability is being exploited | CSO Online #CVE #ZeroDay
@Bug_X_hunter
3 Jun 2026
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation https://t.co/lHNOivjDul via @TheHackersNews
@bteater51
2 Jun 2026
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation https://t.co/EpoM8L01VY via @TheHackersNews
@ABabino
2 Jun 2026
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
6月2日、2年前と19年前の脆弱性が現役で殴ってくる。 AIは43日のパッチ運用を平気で追い越す時代だ。本日11本、現場直撃のリスト。 ・TP-Link Archer BE450/BE7200、OSコマンド注入の脆弱性(JVN/JPCERT) ・Oracle WebLogic CVE-
@boss_sec_labo
2 Jun 2026
2683 Impressions
5 Retweets
28 Likes
6 Bookmarks
0 Replies
1 Quote
CISA Adds Oracle WebLogic CVE-2024-21182 to KEV Catalog https://t.co/v2h98N3fEx #Cyberupdates #Cybertechnews #Cybersecurity
@Vijaykiran0987
2 Jun 2026
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation https://t.co/qs0gjNHvgK
@TechNowPulse
2 Jun 2026
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨ORACLE WEBLOGIC: CVE-2024-21182 (CVSS 7.5) añadida a catálogo KEV por explotación activa 🔓Atacante sin auth → acceso a datos críticos ✅Parche disponible desde julio 2024. Aplicar antes del 4 de junio #Oracle #WebLogic #CVE #CISA #Ciberseguridad https://t.co/fCnw
@esecintelcl
2 Jun 2026
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation https://t.co/8AOIubYxGC
@molari999
2 Jun 2026
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Hacker News - Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation https://t.co/cWoJYujadB
@buzz_sec
2 Jun 2026
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation https://t.co/8TxfEoiUz5
@wvipersg
2 Jun 2026
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation https://t.co/IdOB3mNS80
@TheCyberSecHub
2 Jun 2026
303 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation https://t.co/MAmZIzOLfZ
@pigram86
2 Jun 2026
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 An actively exploited #Oracle WebLogic Server flaw has been added to CISA's KEV catalog. CVE-2024-21182 (CVSS 7.5) allows unauthenticated attackers with network access to compromise vulnerable servers and access critical data. Federal agencies must patch by June 4, 2026. h
@TheHackersNews
2 Jun 2026
13154 Impressions
46 Retweets
112 Likes
23 Bookmarks
3 Replies
3 Quotes
CISA inserisce Oracle WebLogic nel KEV, patch urgente per CVE-2024-21182 Vulnerabilità, cisa, Oracle https://t.co/ESmifT0i8Y https://t.co/EX9HTrNR9o
@matricedigitale
2 Jun 2026
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-21182 2 - CVE-2026-40369 3 - CVE-2026-0257 4 - CVE-2023-41011 5 - CVE-2026-35563 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
2 Jun 2026
161 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Oracle WebLogic Server unspecified vulnerability CVE-2024-21182 to our KEV Catalog. Visit https://t.co/lUsJmDi1w6 for more information. #Cybersecurity #InfoSec https://t.co/Yn603dKL8L
@Cytekcybersec
2 Jun 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISAが既知の悪用された脆弱性を1件カタログに追加 CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Jun 1) CVE-2024-21182 Oracle WebLogic Serverの特定されていない脆弱性 https://t.co/w4tVXxwTPP
@foxbook
1 Jun 2026
201 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
米国サイバーセキュリティ・社会基盤安全保障庁(CISA)が既知の悪用された脆弱性カタログにOracle WebLogic ServerのCVE-2024-21182を追加。対処期限は重大リスク扱いの6/4。ランサムウェアによる悪用は不知。 https://t.co
@__kokumoto
1 Jun 2026
833 Impressions
0 Retweets
2 Likes
1 Bookmark
1 Reply
1 Quote
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]