Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7
Tag: oracle-weblogic (1 article)Clear

CISA adds Oracle WebLogic Server CVE-2024-21182 to KEV after active exploitation evidence - FCEB patch deadline set

CISA has added CVE-2024-21182, an unspecified vulnerability in Oracle WebLogic Server, to its Known Exploited Vulnerabilities catalog based on evidence of active exploitation. WebLogic is a widely deployed Java EE application server that frequently sits on internet-facing infrastructure, making it a recurring target for initial access and cryptomining campaigns. Under Binding Operational Directive 22-01, Federal Civilian Executive Branch agencies must remediate KEV-listed flaws by the assigned deadline, and CISA urges all organizations to prioritize patching. Oracle addressed the flaw in a prior Critical Patch Update; organizations running unpatched WebLogic instances should apply the relevant CPU and audit for signs of exploitation immediately.

Check
Inventory Oracle WebLogic Server instances, especially internet-facing ones, and confirm the relevant Oracle Critical Patch Update addressing CVE-2024-21182 is applied. Audit logs for exploitation indicators.
Affected
Oracle WebLogic Server instances unpatched against CVE-2024-21182. Internet-facing deployments are at highest risk; WebLogic is a recurring target for initial access and cryptomining.
Fix
Apply the relevant Oracle Critical Patch Update immediately. FCEB agencies must remediate by the CISA KEV deadline. Remove WebLogic admin consoles from public internet exposure.