COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2024-21182

CVE-2024-21182

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-06-01
Reference
https://nvd.nist.gov/vuln/detail/CVE-2024-21182
⌖ exploited in the wild shame 45/100 exploited-in-wildunpatchedransomware

Oracle WebLogic Server vulnerability CVE-2024-21182 allows unauthenticated remote access to critical data via T3/IIOP protocols.

This unpatched vulnerability enables unauthenticated attackers to compromise WebLogic Server instances, posing a severe risk to DIB organizations relying on Oracle middleware for FedRAMP/NIST 800-171 compliance. Immediate patching and network segmentation are required to prevent unauthorized data access.

Shame score — While the vulnerability is actively exploited, it is a known issue with a public patch available, making it less avoidable than negligent vendor behavior.

Players implicated

Oracle · vendorWebLogic Server · product

Description

Oracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.

Affected FedRAMP products 10 in the catalog

ProductProviderStatusMatch
Aconex for Defense Oracle Authorized vendor-exact · 0.90
Federal Managed Cloud Services Oracle Authorized vendor-exact · 0.90
Fusion Cloud Oracle Authorized vendor-exact · 0.90
Government Cloud - Common Controls Oracle Authorized vendor-exact · 0.90
Oracle Cloud Infrastructure-Government Cloud Oracle Authorized vendor-exact · 0.90
Oracle Enterprise Performance Management (EPM) Oracle Authorized vendor-exact · 0.90
Oracle Enterprise Performance Management (EPM) - Moderate Oracle In Process vendor-exact · 0.90
Oracle Service Cloud Oracle Authorized vendor-exact · 0.90
Oracle Service Cloud (DOD) Oracle Authorized vendor-exact · 0.90
Taleo Cloud - U.S. Government Cloud Oracle Authorized vendor-exact · 0.90