Oracle WebLogic Vulnerability Exploited in the Wild

CISA is warning organizations that an Oracle WebLogic vulnerability patched nearly two years ago is being exploited in the wild.

The security hole, tracked as CVE-2024-21182, was patched by Oracle in the Java application server with its July 2024 CPU. The software giant’s advisory shows that the flaw was discovered and reported independently by several researchers.

Several proof-of-concept (PoC) exploits targeting CVE-2024-21182 have been made publicly available since the vulnerability’s existence came to light, but CISA appears to be the first to warn about its in-the-wild exploitation.

CISA added CVE-2024-21182 to its Known Exploited Vulnerabilities (KEV) catalog on June 1, instructing federal agencies to address it by June 4.
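A KEV deadline like this one only helps if someone joins the catalog to an asset inventory and tracks who is past due. The script below is an added example (not SecurityWeek's, CISA's or Oracle's code) that parses a KEV-style JSON snapshot, matches records to inventory hosts by vendor and product, and classifies each unpatched match as open, due today or overdue. The JSON field names (`cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate`) follow CISA's public feed as the author of this example understands it and are an assumption; the catalog records, dates, hostnames and the `patched_cves` inventory field are constructed sample data, not real catalog contents.

```python
"""Join a KEV catalog snapshot to an asset inventory and flag past-due hosts.

Added example, not code from the article or from CISA. Field names follow
the public KEV JSON feed as assumed here; all records below are constructed.
"""
import json
from datetime import date, datetime

# Constructed KEV-style snapshot. The second record is a placeholder CVE for
# an unrelated product so the filtering logic has something to exclude.
SAMPLE_KEV_JSON = json.dumps({
    "title": "Sample KEV snapshot (constructed)",
    "vulnerabilities": [
        {
            "cveID": "CVE-2024-21182",
            "vendorProject": "Oracle",
            "product": "WebLogic Server",
            "dateAdded": "2026-06-01",       # sample date, constructed
            "requiredAction": "Apply mitigations per vendor instructions.",
            "dueDate": "2026-06-04",         # sample date, constructed
        },
        {
            "cveID": "CVE-0000-00001",       # placeholder, not a real CVE
            "vendorProject": "ExampleVendor",
            "product": "ExampleProduct",
            "dateAdded": "2026-05-20",
            "requiredAction": "Apply mitigations per vendor instructions.",
            "dueDate": "2026-06-10",
        },
    ],
})

# Constructed inventory. 'patched_cves' is a hypothetical field maintained by
# the asset owner listing CVEs already remediated on that host.
SAMPLE_INVENTORY = [
    {"host": "weblogic-prod-01", "vendor": "Oracle", "product": "WebLogic Server",
     "patched_cves": []},
    {"host": "weblogic-prod-02", "vendor": "Oracle", "product": "WebLogic Server",
     "patched_cves": ["CVE-2024-21182"]},
    {"host": "app-03", "vendor": "ExampleVendor", "product": "ExampleProduct",
     "patched_cves": []},
]


def load_kev(text: str) -> list:
    """Parse a KEV JSON document and return its list of vulnerability records."""
    return json.loads(text)["vulnerabilities"]


def _iso(d: str) -> date:
    return datetime.strptime(d, "%Y-%m-%d").date()


def entries_for(entries: list, vendor: str, product_fragment: str) -> list:
    """Return records whose vendor matches exactly (case-insensitive) and whose
    product name contains the given fragment."""
    return [
        e for e in entries
        if e.get("vendorProject", "").lower() == vendor.lower()
        and product_fragment.lower() in e.get("product", "").lower()
    ]


def remediation_status(entry: dict, today: str) -> str:
    """Classify a record as 'overdue', 'due_today' or 'open' relative to today."""
    due, now = _iso(entry["dueDate"]), _iso(today)
    if now > due:
        return "overdue"
    if now == due:
        return "due_today"
    return "open"


def match_inventory(entries: list, inventory: list, today: str) -> list:
    """Produce one finding per (host, KEV record) pair the host has not patched,
    sorted by due date so the most urgent items come first."""
    findings = []
    for asset in inventory:
        for e in entries_for(entries, asset["vendor"], asset["product"]):
            if e["cveID"] in asset.get("patched_cves", []):
                continue  # already remediated on this host
            findings.append({
                "host": asset["host"],
                "cve": e["cveID"],
                "due": e["dueDate"],
                "status": remediation_status(e, today),
            })
    return sorted(findings, key=lambda f: (f["due"], f["host"]))


def overdue_hosts(kev_text: str, inventory: list, today: str) -> list:
    """Convenience wrapper: hostnames with at least one overdue KEV item."""
    findings = match_inventory(load_kev(kev_text), inventory, today)
    return sorted({f["host"] for f in findings if f["status"] == "overdue"})


if __name__ == "__main__":
    for f in match_inventory(load_kev(SAMPLE_KEV_JSON), SAMPLE_INVENTORY, "2026-06-05"):
        print(f"{f['status']:>9}  {f['host']:<18} {f['cve']}  due {f['due']}")
```

Run as-is, the script reports `weblogic-prod-01` as overdue for CVE-2024-21182 (the host that already lists the CVE as patched is skipped) and `app-03` as open for the placeholder record. Swapping `SAMPLE_KEV_JSON` for a downloaded copy of the real catalog and `SAMPLE_INVENTORY` for a CMDB export is the only change needed to use it in practice; the vendor/product join is deliberately simple, so a real deployment would want to normalize product names first.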

The flaw can be leveraged by remote, unauthenticated hackers to compromise vulnerable Oracle WebLogic Server instances.

“Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data,” the agency noted in its KEV entry.

No details about the attacks exploiting the vulnerability appear to have been made public.

CISA’s KEV catalog includes a dozen other WebLogic Server flaws. The majority are vulnerabilities with CVEs assigned in 2020 or earlier, but most were added to the KEV catalog several years after Oracle patched them.

Related: Oracle’s First Monthly Patches Resolve 77 Vulnerabilities

Related: Oracle Patches 450 Vulnerabilities With April 2026 CPU

Related: Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability

Related: Oracle EBS Hack: Only 4 Corporate Giants Still Silent on Potential Impact

https://www.securityweek.com/oracle-weblogic-vulnerability-exploited-in-the-wild/