The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw affecting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation.
Vulnerability CVE-2024-21182 (CVSS score: 7.5) allows an unauthenticated attacker with network access to take control of a susceptible server. Patched by Oracle in July 2024.
“An unspecified vulnerability exists in Oracle WebLogic that could allow an unauthenticated attacker to gain network access via T3, IIOP and compromise Oracle WebLogic Server,” CISA said.
“Successful attacks of this vulnerability could result in unauthorized access to critical data or complete access to all accessible data in Oracle WebLogic Server.”
There are currently no public reports on how this vulnerability is being exploited in the wild. That said, previous flaws in this software have been repeatedly weaponized by various attackers to join botnets, mine cryptocurrencies, and deploy ransomware.
In early March this year, CloudSEK also revealed that another maximum severity security flaw in WebLogic (CVE-2026-21962, CVSS score: 10.0) witnessed automated exploitation attempts shortly after the exploit code was made public.
Given the active exploitation of this flaw, Federal Civilian Executive Branch (FCEB) agencies are encouraged to apply the necessary fixes by June 4, 2026 to protect their networks.
Source link
