CVE-2024-21182

Analyzed
Published: 16 Jul 2024, 22:40
Last modified: 02 Jun 2026, 03:55

Vulnerability Summary

  • Overall Risk (default): medium, 48/100
  • CVSS Score: 7.5 HIGH, v3.1 (cve.org)
  • EPSS Score: 89.65% CRITICAL, 90% probability, +1.98%
  • KEV: Listed (CISA, 1 listing)
  • Ransomware: No reports
  • Public exploits: None found
  • Dark Web: Not detected

Timeline

  • 16 Jul 2024, 22:40 - Published: Vulnerability first disclosed
  • 01 Jun 2026, 00:00 - Added to CISA KEV: Oracle WebLogic Server Unspecified Vulnerability
  • 02 Jun 2026, 03:55 - Last Modified: Vulnerability information updated
  • 04 Jun 2026, 00:00 - CISA Remediation Due: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

CVSS Metrics

  • v3.1 | HIGH | Score: 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Trends

Current EPSS score: 89.65% Percentile: 100%

Affected Systems

  • oracle corporation | weblogic server

    12.2.1.4.0 | 14.1.1.0.0

  • Unknown | WebLogic Server

    12.2.1.4.0 | 14.1.1.0.0

References (2)