CVE-2024-21182

Warning

Media report

EPSS 89.74%
Published 16.07.2024 23:15:22
Last modified 01.06.2026 19:32:02
Source secalert_us@oracle.com
CVE watchlists
Login
Open
Login

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).  Supported versions that are affected are 12.2.1.4.0 and  14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Affected products Warnungen 1 Metrics 2 CWE 0 References 8

NVD 2 VulnDex Vulnerability Enrichment 0

Data is provided by the National Vulnerability Database (NVD)

Oracle ≫ Weblogic Server Version12.2.1.4.0

Oracle ≫ Weblogic Server Version14.1.1.0.0

01.06.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog

Oracle WebLogic Server Unspecified Vulnerability

Vulnerability

Oracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.

Description

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Required actions

EPSS Metrics
Type	Source	Score	percentile
EPSS	FIRST.org	89.74%	0.996

CVSS Metrics
Source	Base Score	Exploit Score	Impact Score	Vector string
secalert_us@oracle.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

No information has yet been published about CWE.

Für Zugriff zu Vulnerablity Intelligence ist ein VulnDex Zugang erforderlich.

Media Report

05.06.2026 12:51

Für Zugriff zu Vulnerablity Intelligence ist ein VulnDex Zugang erforderlich.

Media Report

05.06.2026 12:49

Für Zugriff zu Vulnerablity Intelligence ist ein VulnDex Zugang erforderlich.

Media Report

05.06.2026 12:48

https://www.oracle.com/security-alerts/cpujul2024.html

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-21182

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2024-21182

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-21182

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-21182

EUVD

Team-oriented vulnerability management platformTeam-oriented vulnerability management

Platform features

CVE-2024-21182

01.06.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog