Critical Remote Access Vulnerability in Oracle WebLogic Server (CVE‑2024‑21182) Added to CISA KEV Catalog
What It Is – Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0 contain an unauthenticated remote code execution flaw (CVE‑2024‑21182). An attacker can leverage the T3 or IIOP protocols to gain unauthorized access to data stored on the server.
Exploitability – The vulnerability is listed in the U.S. CISA Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation in the wild. CVSS v3.1 base score 7.5 (High).
Affected Products – Oracle WebLogic Server 12.2.1.4.0, 14.1.1.0.0.
TPRM Impact – Many enterprises and SaaS providers embed WebLogic as a middleware layer for internal applications, API gateways, and transaction processing. A compromised WebLogic instance can expose sensitive business data, undermine downstream services, and create a supply‑chain foothold for attackers targeting third‑party ecosystems.
Recommended Actions –
- Verify WebLogic version across all assets; inventory any instances running 12.2.1.4.0 or 14.1.1.0.0.
- Apply Oracle’s security patch for CVE‑2024‑21182 immediately; prioritize systems reachable from untrusted networks.
- Block or restrict inbound traffic on T3/IIOP ports (7001, 7002) at the perimeter and enforce network segmentation.
- Conduct a post‑patch validation scan and monitor logs for anomalous T3/IIOP activity.
- Update third‑party risk registers to reflect the new exposure and communicate remediation deadlines to vendors.
Source: SecurityAffairs – U.S. CISA adds Oracle WebLogic flaw to its Known Exploited Vulnerabilities catalog