Exposures › CVE-2024-21182
Oracle WebLogic Server vulnerability CVE-2024-21182 allows unauthenticated remote access to critical data via T3/IIOP protocols.
This unpatched vulnerability enables unauthenticated attackers to compromise WebLogic Server instances, posing a severe risk to DIB organizations relying on Oracle middleware for FedRAMP/NIST 800-171 compliance. Immediate patching and network segmentation are required to prevent unauthorized data access.
Shame score — While the vulnerability is actively exploited, it is a known issue with a public patch available, making it less avoidable than negligent vendor behavior.
Oracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.
| Product | Provider | Status | Match |
|---|---|---|---|
| Aconex for Defense | Oracle | Authorized | vendor-exact · 0.90 |
| Federal Managed Cloud Services | Oracle | Authorized | vendor-exact · 0.90 |
| Fusion Cloud | Oracle | Authorized | vendor-exact · 0.90 |
| Government Cloud - Common Controls | Oracle | Authorized | vendor-exact · 0.90 |
| Oracle Cloud Infrastructure-Government Cloud | Oracle | Authorized | vendor-exact · 0.90 |
| Oracle Enterprise Performance Management (EPM) | Oracle | Authorized | vendor-exact · 0.90 |
| Oracle Enterprise Performance Management (EPM) - Moderate | Oracle | In Process | vendor-exact · 0.90 |
| Oracle Service Cloud | Oracle | Authorized | vendor-exact · 0.90 |
| Oracle Service Cloud (DOD) | Oracle | Authorized | vendor-exact · 0.90 |
| Taleo Cloud - U.S. Government Cloud | Oracle | Authorized | vendor-exact · 0.90 |