Overview
- CISA added CVE-2024-21182 to its Known Exploited Vulnerabilities catalog and ordered federal agencies to remediate the flaw by June 4, citing active exploitation.
- Oracle issued a patch for CVE-2024-21182 in July 2024 and said the bug allows unauthenticated remote access over the T3 and IIOP protocols, which can expose WebLogic Server data or lead to full compromise of the server.
- Public proof-of-concept exploit code has been posted since the patch was released, and internet scans now show roughly 1,592 exposed WebLogic instances that remain reachable and vulnerable, increasing the attack risk.
- Security reporting notes there are no detailed public disclosures of confirmed victim systems yet, but CISA explicitly urged private-sector defenders to patch quickly under the same guidance used for federal systems.
- The KEV listing follows a pattern of CISA flagging older WebLogic flaws long after vendor patches, a gap that raises the chances of follow-on breaches and potential ransomware or data theft for unpatched systems.