CISA Lists Oracle WebLogic Flaw CVE-2024-21182 in KEV

The Cybersecurity and Infrastructure Security Agency added CVE-2024-21182, a 7.5-severity Oracle WebLogic Server vulnerability, to its Known Exploited Vulnerabilities Catalog on Monday after finding evidence of active exploitation. Oracle released a patch for the flaw in July 2024.

The vulnerability allows an unauthenticated attacker with network access via the T3 or IIOP protocols to compromise affected WebLogic servers, potentially giving attackers access to data or full control of the instance. In its advisory, CISA wrote: “Oracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server.”

CISA noted there are no public technical reports describing how attackers are exploiting CVE-2024-21182 in the wild. The agency directed Federal Civilian Executive Branch agencies to apply Oracle’s July 2024 fixes by June 4, 2026.

Security teams are urged to confirm that Oracle’s updates have been installed and to review any WebLogic interfaces that accept T3 or IIOP traffic. Administrators should remove or restrict network access to those management and remote protocols where possible.

WebLogic has been targeted in prior incidents, with past vulnerabilities used to add systems to botnets, mine cryptocurrency and deploy ransomware. Earlier this year, another high-severity WebLogic flaw drew automated exploitation attempts soon after exploit code became public, underscoring the speed with which published proof-of-concept code can be used by attackers.