Skip to content

Oracle WebLogic Vulnerability CVE-2024-21182 Actively Exploited

In brief: A two-year-old WebLogic vulnerability is listed on CISA’s catalog of actively exploited vulnerabilities, signaling attackers to target long-unpatched systems.

The two-year-old security flaw CVE-2024-21182 (CVSS 7.3) in Oracle WebLogic Server is being actively exploited by attackers following confirmation by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Affected administrators must patch by Friday.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the security vulnerability CVE-2024-21182 in Oracle WebLogic Server to its catalog of actively exploited vulnerabilities on Monday. The affected versions are 12.2.1.4.0 and 14.1.1.0.0. Oracle patched the vulnerability in July 2024 with a Critical Patch Update.

While the patching request is primarily directed at U.S. federal agencies, which were given only four days, organizations should interpret this as a warning signal: inclusion on the CISA list confirms that threat actors are now deploying the vulnerability in active attacks. Tyler Reguly, Associate Director of Security Research & Development at Fortra, emphasizes that WebLogic Server was already represented on the KEV list with more than a dozen known vulnerabilities, and most administrators should have patched long ago. The initial CVSS rating of 7.3 was not critical enough to force immediate attention — but the now-confirmed active exploitation fundamentally changes this risk assessment.

Particularly striking is the temporal pattern: an analysis of the CISA list shows that only about 41% of listed CVEs are added in the same year of their discovery, with about 58% only added one year later. This means that over 40% of CVEs are added to the KEV list two or more years after their publication. Organizations that have not updated their systems for years thus become deliberately attractive targets: regular patching signals a security-conscious environment, while long-known vulnerabilities point to neglected infrastructure.

Oracle WebLogic Server is a central Java middleware platform for mission-critical enterprise applications in on-premises and cloud environments, fully containerizable on Kubernetes. Attackers have historically shown great interest in WebLogic vulnerabilities — in 2019, massive scans for Oracle patch bypass methods were documented. A honeypot experiment by CloudSek this year showed that attackers immediately leveraged the public disclosure of exploit code for the critical CVE-2026-21962 (CVSS 10.0), while simultaneously targeting older, unpatched vulnerabilities from 2017 and 2020.


Source: www.csoonline.com · Published June 3, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification via Lumi News Pipeline v1.2.9.

Share on: