Vulnerability intelligence
CVE-2024-21182
Oracle WebLogic Server
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVSS Score
7.5
High
EPSS — Exploit Probability
90%
Riskier than 100% of all CVEs
Exploitation
Confirmed in the wild
KEV since 2026-06-01
Remediation
unknown
Federal deadline 2026-06-04
9 articles across 6 outlets · first covered Jun 1, 2026 · latest Jun 2, 2026
Coverage timeline
-
Oracle WebLogic CVE-2024-21182 added to KEV amid active exploitsthehackernews.com · Jun 2, 2026
-
CISA adds Oracle WebLogic flaw CVE-2024-21182 to exploited listsecurityaffairs.com · Jun 2, 2026
-
CISA Alerts to Active Exploits of Unpatched Oracle WebLogic Flawwww.securityweek.com · Jun 2, 2026
-
CVE-2024-21182 Fuels SilentCryptoMiner Attack on Streaming Sitessecurityonline.info · Jun 2, 2026
-
Grandoreiro Banking Trojan Evades Defense via Lookalike Softwaresecurityonline.info · Jun 2, 2026
-
The Shai-Hulud Infiltration: Red Hat Exploited in Sovereign Supply Chain Breachsecurityonline.info · Jun 2, 2026
-
CISA’s KEV Catalog Helps Firms Tackle Oracle WebLogic Riskwww.cisa.gov · Jun 2, 2026
-
CISA Puts Oracle WebLogic Flaw CVE‑2024‑21182 on KEV Listcisa.gov · Jun 1, 2026
-
CISA flags Oracle WebLogic CVE-2024-21182 as actively exploitedwww.cisa.gov · Jun 1, 2026