Post
HIGH

Oracle WebLogic CVE-2024-21182 Under Active Exploitation, Added to CISA KEV

· vulnerability · cve · rce

CISA has added CVE-2024-21182 — a high-severity Oracle WebLogic Server vulnerability (CVSS 7.5) — to its Known Exploited Vulnerabilities catalog based on evidence of active exploitation in the wild. The flaw allows unauthenticated attackers with network access to take full control of affected WebLogic servers. Oracle released a patch in the January 2024 Critical Patch Update, making this a two-year-old unpatched flaw in affected environments. Federal agencies must remediate under BOD 22-01; all organizations running internet-exposed or network-accessible WebLogic instances should apply the January 2024 CPU immediately.