
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered government agencies to secure their systems against a high-severity Oracle WebLogic Server vulnerability that was patched two years ago and is now actively exploited in attacks.
Oracle WebLogic Server is an enterprise-grade Java application server used as middleware for large, multi-tier distributed applications.
Tracked as CVE-2024-21182, this security flaw can be exploited remotely by threat actors without privileges in low-complexity attacks targeting systems running Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0.
“Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server,” Oracle said when it released security patches for CVE-2024-21182 in July 2024.
“Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.”
Internet intelligence platform Shodan currently tracks over 1,592 Oracle WebLogic servers exposed online and vulnerable to CVE-2024-21182 exploits (961 running version 12.2.1.4.0 and 631 running version 14.1.1.0.0).
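The exposure described above combines three facts: an affected version, the T3 or IIOP listener being enabled, and that listener being reachable from an untrusted network. The following triage script, added here as an illustration and not part of the article or of any Oracle or CISA tooling, applies that logic to a constructed asset inventory (hostnames, the CSV layout and the protocol labels are all assumptions for this example). One caveat worth building in: the WebLogic version string does not change when a Critical Patch Update is applied, so a hit on 12.2.1.4.0 or 14.1.1.0.0 means "affected unless the July 2024 or later patch is installed", and the patch level must be confirmed separately on the host.

```python
"""Triage a WebLogic asset inventory for CVE-2024-21182 exposure.

Added example with constructed sample data; not code from the article.
"""
from dataclasses import dataclass
from typing import Iterable

# Versions Oracle lists as affected by CVE-2024-21182 (from the advisory).
AFFECTED_VERSIONS = frozenset({"12.2.1.4.0", "14.1.1.0.0"})
# The protocols the advisory names as the attack path. Label spelling is an
# assumption for this example's inventory format.
ATTACK_PROTOCOLS = frozenset({"t3", "iiop"})


@dataclass(frozen=True)
class Finding:
    host: str
    version: str
    priority: str   # "critical", "patch" or "not_affected"
    reason: str


def parse_inventory(text: str) -> list[dict]:
    """Parse constructed CSV lines: host,version,listening_protocols,internet_exposed.

    listening_protocols is a '|'-separated list; internet_exposed is yes/no.
    Blank lines and '#' comments are skipped.
    """
    records = []
    for raw in text.strip().splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        host, version, protos, exposed = (f.strip() for f in line.split(","))
        records.append({
            "host": host,
            "version": version,
            "protocols": {p.strip().lower() for p in protos.split("|") if p.strip()},
            "exposed": exposed.lower() == "yes",
        })
    return records


def triage(records: Iterable[dict]) -> list[Finding]:
    """Rank hosts: affected version + T3/IIOP reachable from the internet first.

    A matching version string alone is not proof of vulnerability: applying the
    CPU leaves the version unchanged, so patch level must be checked on the host.
    """
    findings = []
    for r in records:
        if r["version"] not in AFFECTED_VERSIONS:
            findings.append(Finding(r["host"], r["version"], "not_affected",
                                    "version not in Oracle's affected list"))
            continue
        path = ",".join(sorted(r["protocols"] & ATTACK_PROTOCOLS))
        if path and r["exposed"]:
            findings.append(Finding(r["host"], r["version"], "critical",
                                    f"affected version with {path} reachable from the internet"))
        elif path:
            findings.append(Finding(r["host"], r["version"], "patch",
                                    f"affected version; {path} listening but not internet-exposed"))
        else:
            findings.append(Finding(r["host"], r["version"], "patch",
                                    "affected version; T3/IIOP not listening, patch still required"))
    order = {"critical": 0, "patch": 1, "not_affected": 2}
    return sorted(findings, key=lambda f: (order[f.priority], f.host))


# Constructed sample inventory; hostnames and exposure flags are made up.
SAMPLE_INVENTORY = """\
# host,version,listening_protocols,internet_exposed
wls-prod-01.example.internal,12.2.1.4.0,t3|iiop|http,yes
wls-prod-02.example.internal,14.1.1.0.0,http,no
wls-dev-01.example.internal,14.1.1.0.0,t3|http,no
wls-new.example.internal,14.1.2.0.0,http,yes
"""

if __name__ == "__main__":
    for f in triage(parse_inventory(SAMPLE_INVENTORY)):
        print(f"{f.priority:13} {f.host:30} {f.version:10} {f.reason}")
```

Running the script prints the constructed hosts in priority order; in practice the inventory would come from a CMDB or scanner export, and the "patch" tier still needs the July 2024 CPU (or later) confirmed per host before it is closed.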

On Thursday, CISA added the vulnerability to its catalog of security flaws exploited in attacks and ordered federal agencies to patch their WebLogic servers by midnight on Thursday, June 4, as mandated by Binding Operational Directive (BOD) 22-01.
While BOD 22-01 applies only to federal agencies, CISA urged all network defenders, including those in the private sector, to patch their systems against ongoing CVE-2024-21182 attacks as soon as possible.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA warned. “Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.”
In October, the cybersecurity agency also ordered government agencies to patch an unauthenticated server-side request forgery (SSRF) vulnerability (CVE-2025-61884) in Oracle E-Business Suite, after flagging it as actively exploited in the wild.
More recently, in March, Oracle released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability (CVE-2026-21992) in Identity Manager and Web Services Manager, but declined to comment when BleepingComputer reached out to ask about its exploitation status.
Over the last several years, CISA has flagged 43 vulnerabilities across various Oracle products as exploited in the wild, 12 of which have been abused in ransomware attacks.



