CISA has issued a warning about the exploitation of an Oracle WebLogic vulnerability, identified as CVE-2024-21182, which was patched nearly two years ago. The flaw allows remote, unauthenticated hackers to gain unauthorized access to critical data on vulnerable Oracle WebLogic Server instances. CISA added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog on June 1, instructing federal agencies to patch it by June 4. Proof-of-concept exploits have been made public, but no specific attack details have been reported.
CISA Alerts to Active Exploits of Unpatched Oracle WebLogic Flaw
CyberSIXT Evidence Panel
Article by CyberSIXT
Timeline Coverage
Swipe to explore timeline
-
Oracle WebLogic CVE-2024-21182 added to KEV amid active exploits
thehackernews.com
-
CISA adds Oracle WebLogic flaw CVE-2024-21182 to exploited list
securityaffairs.com
-
CISA Alerts to Active Exploits of Unpatched Oracle WebLogic Flaw
www.securityweek.com
-
CVE-2024-21182 Fuels SilentCryptoMiner Attack on Streaming Sites
securityonline.info
-
Grandoreiro Banking Trojan Evades Defense via Lookalike Software
-
The Shai-Hulud Infiltration: Red Hat Exploited in Sovereign Supply Chain Breach
-
CISA flags Oracle WebLogic CVE-2024-21182 as actively exploited
cisa.gov