CVE Radar

CVE Radar Logo
CVERadar

Edition used by more than 30,000 companies in more than 150 countries.
Sign Up For Free

CVE-2024-21182

Critical Severity|Oracle
76
SVRS
7.5
CVSSv3
0.48244
EPSS
TAGS
In The WildExploit AvaliableCISA KEV
VECTOR STRING
CVSS:3.1AV:NAC:LPR:NUI:NS:UC:HI:NA:N
PUBLICATION DATE2024-07-16
LAST MODIFIED2026-06-01

Deep CVE Analysis in Progress

The system is currently conducting an in-depth analysis of the selected CVE. This includes advanced correlation, vulnerability classification, and cross-referencing with real-time threat intelligence sources. Once the analysis is complete, the page will automatically update with enriched vulnerability data and actionable insights.

Security Intelligence Brief

1. What is this vulnerability and why does it matter?
This is a critical vulnerability, CVE-2024-21182, affecting the Core component of Oracle WebLogic Server within Oracle Fusion Middleware. It is easily exploitable by an unauthenticated attacker who has network access via the T3 or IIOP protocols. This vulnerability is significant because successful exploitation can result in unauthorized access to critical data or complete access to all data accessible by the Oracle WebLogic Server, severely impacting the confidentiality of sensitive information. The existence of published active exploits further increases its importance and the urgency for remediation.
2. What are the CVSS score, severity level, and disclosure details?
The CVSS 3.1 Base Score for this vulnerability is 7.5. Based on this score, the severity level is classified as High. The CVSS Vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating a network-based attack, low attack complexity, no privileges required, no user interaction, an unchanged scope, and a high impact on confidentiality. The vulnerability was published on 2024-07-16 22:40:11 and last modified on 2026-06-01 19:32:02.
3. Which products, vendors, systems, and versions are affected?
  • Vendor: Oracle
  • Product: Oracle WebLogic Server (component: Core)
  • System: Oracle Fusion Middleware
  • Affected Versions:
    • 12.2.1.4.0
    • 14.1.1.0.0
4. What is the technical root cause and attack vector?
The technical root cause is a vulnerability within the Core component of Oracle WebLogic Server. The specific nature of the flaw is not detailed in the provided data, but it allows for remote compromise. The primary attack vectors are network access via the T3 and IIOP protocols. These protocols are typically used for inter-application communication and remote object access in WebLogic environments.
5. How can this vulnerability be exploited?
This vulnerability can be exploited by an unauthenticated attacker with network access to the affected Oracle WebLogic Server. The exploitation occurs by sending specially crafted requests over the T3 or IIOP protocols. Due to its "easily exploitable" nature and the fact that active exploits have been published, an attacker does not require complex techniques or prior authentication to compromise the server. Successful exploitation grants unauthorized access to critical data or full access to all data the WebLogic Server can reach.
6. What mitigation steps and patches are available?
Specific mitigation steps or direct patch availability are not detailed in the provided CVE data. However, Oracle typically releases Critical Patch Updates (CPUs) that address such vulnerabilities. Administrators of affected Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0 should consult official Oracle security advisories and apply the latest available patches relevant to CVE-2024-21182 immediately. Restricting network access to T3 and IIOP ports from untrusted sources can also help reduce the attack surface.
7. How can vulnerable systems be detected?
Vulnerable systems can be detected by identifying the installed versions of Oracle WebLogic Server. Any instance running version 12.2.1.4.0 or 14.1.1.0.0 is susceptible to this vulnerability. Organizations should inventory their WebLogic installations and check their version numbers. Additionally, network scanning tools can be configured to identify exposed T3 and IIOP ports on WebLogic servers, which are prerequisites for exploitation.
8. What are the indicators of compromise (IOCs)?
Indicators of Compromise (IOCs) for this vulnerability would primarily involve observations related to unauthorized data access. These may include:
  • Unauthorized access or modification of critical data hosted or managed by the WebLogic Server.
  • Unusual or unexpected outbound network connections from the WebLogic Server.
  • Presence of unfamiliar files or processes on the server.
  • Suspicious activity in WebLogic server logs, particularly related to T3 or IIOP protocol handling from untrusted sources.
  • High CPU or network utilization not corresponding to legitimate operations.
9. Which threat actors are known to exploit this vulnerability?
The provided CVE data does not specify any particular threat actors known to exploit CVE-2024-21182. However, given that active exploits have been published, it is reasonable to assume that a wide range of opportunistic and targeted threat actors, including both state-sponsored and financially motivated groups, may leverage this vulnerability.
10. What public intelligence references and advisories exist?
The primary public intelligence reference is CVE-2024-21182 itself, which provides the foundational details. Oracle's official security advisories and Critical Patch Updates (CPUs) are the authoritative sources for vendor-specific information, patches, and further technical details related to this vulnerability in Oracle WebLogic Server. The mention of "active exploits have been published" also indicates that public exploit code and analysis may be available through various security research platforms and communities.
11. What is the risk assessment and urgency level?
The risk assessment for CVE-2024-21182 is High. This is due to its CVSS 3.1 Base Score of 7.5, which indicates significant impact. The vulnerability allows for unauthenticated, network-based exploitation with low attack complexity, leading to complete confidentiality compromise. The urgency level is also High and immediate. The fact that the vulnerability is "easily exploitable" and "active exploits have been published" means that systems running affected versions are at a very high and immediate risk of compromise. Organizations should prioritize patching and mitigation efforts for all affected Oracle WebLogic Server instances.

No IOCs found for this CVE

TitleSoftware LinkDate
kursadalsan/CVE-2024-21182https://github.com/kursadalsan/CVE-2024-211822024-12-29
k4it0k1d/CVE-2024-21182https://github.com/k4it0k1d/CVE-2024-211822024-12-29
SOCRadar Logo

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs
Breach Roundup: Microsoft Tries to Mend Researcher Bridges - BankInfoSecurity
2026-06-04
Breach Roundup: Microsoft Tries to Mend Researcher Bridges - BankInfoSecurity | News Content: Also: Gas Station Monitoring Systems Under Attack, Spanish Teen Doxer Arrested Every week, ISMG rounds up cybersecurity incidents and breaches around the world. This week, Microsoft tried to make up with researchers, gas tank gauges under attack in the United States, fake FIFA websites are everywhere. Scammers spoofed the North Ireland police. Russia said it uncovered a cyberespionage operation on mobile devices. The Dutch police took down a big botnet and Spanish police arrested a teenage hacker with a taste for doxing. A Oracle Weblogic flaw was actively exploited
cve-2024-21182githubfraudsocial media
CISA orders agencies to patch critical Oracle WebLogic Server vulnerability - SC Media
2026-06-02
CISA orders agencies to patch critical Oracle WebLogic Server vulnerability - SC Media | News Content: June 2, 2026 Bleeping Computer reports that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a directive to government agencies mandating the immediate patching of Oracle WebLogic Server systems against a critical vulnerability, CVE-2024-21182. This flaw, despite being patched by Oracle two years ago, is now actively being exploited by threat actors. The vulnerability, CVE-2024-21182, affects Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0. It allows unauthenticated attackers with network access to compromise the server remotely with low complexity. Successful exploitation
google.comrssforumnews
CVE-2024-21182: CISA Warns of Active Flaw in WebLogic - Foro3D
2026-06-04
CVE-2024-21182: CISA Warns of Active Flaw in WebLogic - Foro3D | News Content: The U.S. cybersecurity agency has added the CVE-2024-21182 Oracle WebLogic vulnerability to its catalog of actively exploited flaws. This confirms that cybercriminals are already using this security hole to attack systems. The risk is concrete for companies and services that depend on this software, potentially exposing users' personal or financial data. The urgent action is to apply the official patches. Technical details of the WebLogic patch 🛡️ The CVE-2024-21182 vulnerability affects specific versions of Oracle WebLogic Server, allowing an unauthenticated remote attacker to
google.comrssforumnews
Oracle WebLogic Vulnerability Added to KEV Catalog After Active Exploitation
Athira Sasidharan2026-06-03
Oracle WebLogic Vulnerability Added to KEV Catalog After Active Exploitation | CISA Warns Organizations to Patch Vulnerable Servers Immediately. The U.S.... The post Oracle WebLogic Vulnerability Added to KEV Catalog After Active Exploitation appeared first on SecureReading.CISA Warns Organizations to Patch Vulnerable Servers Immediately. <img alt="" class
securereading.comrssforumnews
CISA warns of Oracle WebLogic vulnerability exploitation - SecNews.gr
2026-06-03
CISA warns of Oracle WebLogic vulnerability exploitation - SecNews.gr | News Content: The CISA ) has issued a warning about a security flaw in Oracle WebLogic Server. It is CVE-2024-21182, which – despite being patched almost two years ago – now appears to be actively being exploited in attacks. The fact that the vulnerability was added to the Known Exploited Vulnerabilities (KEV) catalog is particularly significant: it practically means that there is evidence that it is being used “in the field” by attackers. It is not a theoretical exploit. What is CVE-2024-21182? According to Oracle, CVE-2024-21182 is
google.comrssforumnews
CISA: falha crítica do WebLogic sendo explorada
Da Redação :: CISO Advisor2026-06-03
CISA: falha crítica do WebLogic sendo explorada | A Agência de Segurança Cibernética e de Infraestrutura dos Estados Unidos (CISA) adicionou uma vulnerabilidade crítica do servidor de aplicações Java Oracle WebLogic ao seu catálogo de falhas exploradas ativamente, conforme informou ontem o jornalista Eduard Kovacs em uma reportagem. O problema de segurança, registrado como CVE-2024-21182, foi corrigido originalmente pela Oracle em seu pacote [&#8230;]
cisoadvisor.com.brrssforumnews
CISA Warns of Active Exploitation of Critical Oracle WebLogic Vulnerability - LinkedIn
2026-06-02
CISA Warns of Active Exploitation of Critical Oracle WebLogic Vulnerability - LinkedIn | News Content: The Cyber Security Hub™ The Cyber Security Hub™ World's Premier Cyber Security Portal Published Jun 2, 2026 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive ordering federal agencies to secure systems vulnerable to a critical Oracle WebLogic Server flaw that security researchers say is now being actively exploited by attackers in the wild. The vulnerability, tracked as CVE-2024-21182, affects Oracle WebLogic Server — one of the most widely deployed enterprise Java application servers used by governments, financial institutions, telecommunications
google.comrssforumnews
Show All News
avatar
SHORT INFO@ShortInfoNews
1 day ago
Internet-facing Oracle $ORCL WebLogic Server is under active attack. CISA added CVE-2024-21182 to its Known Exploited Vulnerabilities catalog: an unauthenticated attacker can hit it remotely over T3 or IIOP and read sensitive data. US federal patch deadline: June 4.
avatar
CiberPlaneta@CiberPlanetaOrg
2 days ago
🛡️ Alerta de Seguridad: Oracle WebLogic Server - Acceso No Autorizado a Datos vía T3/IIOP (CVE-2024-21182) Vulnerabilidad crítica en Oracle WebLogic Server permite a atacantes no autenticados acceder a datos sensibles mediante protocolos T3/IIOP. Explotación activa confirmada por
avatar
Fortra@fortraofficial
10 days ago
CISA just gave federal admins 4 days to patch CVE-2024-21182, an Oracle WebLogic vulnerability from 2024. More than 40% of KEV entries arrive this late. Fortra's Tyler Reguly in CSO Online on the pattern: → https://t.co/gPa3OPcvQC
avatar
Cyber Netsec IO@NetSecIO
13 days ago
🚨 CISA KEV ALERT: A 2-year-old Oracle WebLogic flaw (CVE-2024-21182) is now under active attack. The RCE bug allows unauthenticated compromise. If you're running a vulnerable version, patch immediately or restrict access! #CyberSecurity #KEV #Oracle 🌐 cyber[.]netsecops[.]io https://t.co/p5mALcQUbX
avatar
DCI CyberSec News@DCICyberSecNews
15 days ago
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation https://t.co/1slarhTSd9 via @TheHackersNews
avatar
Upwind Security MDR@UpwindMDR
15 days ago
🚨 CISA Adds Oracle WebLogic Flaw to KEV Catalog CISA has added CVE-2024-21182, an Oracle WebLogic Server vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog following evidence of active exploitation. 👉 Organizations using Oracle WebLogic should prioritize
avatar
Modat@modat_magnify
15 days ago
⚠️ Oracle WebLogic – Actively Exploited Vulnerability Added to CISA KEV (CVE-2024-21182)  CISA has added CVE-2024-21182 to its KEV catalogue following evidence of active exploitation in the wild. The vulnerability affects the Core component of Oracle WebLogic Server and allows https://t.co/2MePwvlpzM
avatar
DFIR Lab@DFIR_Lab
16 days ago
🚨 CRITICAL: CVE-2024-21182 in Oracle WebLogic Server. CVSS allows unauthenticated remote attackers via T3/IIOP to access critical data. Listed on CISA KEV—actively exploited. Patch immediately. #CVE #Vulnerability #PatchNow #ThreatIntel #DFIR https://t.co/jS5vcITLgf
avatar
Daily Security Review@securitydailyr
16 days ago
CISA KEV: CVE-2024-21182 Oracle WebLogic -- unauthenticated data read, no credentials needed. Patch available since July 2024. Feds have until June 4. 11 months of available patch, still being actively exploited. https://t.co/Gnkw9ZjwcU #CyberSecurity #CIS
avatar
The Daily Tech Feed@dailytechonx
16 days ago
CISA warns of active exploitation of critical Oracle WebLogic Server vulnerability CVE-2024-21182. Organizations urged to patch immediately to prevent unauthorized access. Link: https://t.co/DPqGDkPWnV #Cybersecurity #Oracle #WebLogic #Vulnerability #CVE #Exploitation #Patch https://t.co/bGeb06z5H0
Show All Tweets
Configuration 1
TypeVendorProduct
AppOracleweblogic_server
ReferenceLink
[email protected]https://www.oracle.com/security-alerts/cpujul2024.html
ORACLE ADVISORYhttps://www.oracle.com/security-alerts/cpujul2024.html
ORACLE ADVISORYhttps://www.oracle.com/security-alerts/cpujul2024.html
134C704F-9B21-4F2E-91B3-4A467353BCC0https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-21182
AF854A3A-2127-422B-91AE-364DA2661108https://www.oracle.com/security-alerts/cpujul2024.html
[email protected]https://www.oracle.com/security-alerts/cpujul2024.html
ORACLE ADVISORYhttps://www.oracle.com/security-alerts/cpujul2024.html

No CWE details found for this CVE

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence Access