By Sergiu Gatlan
Publication Date: 2026-06-02 12:40:00
The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered government agencies to secure their systems against a high-level vulnerability in Oracle WebLogic Server that was fixed two years ago and is now being actively exploited for attacks.
Oracle WebLogic Server is an enterprise-class Java app server used as middleware for large, multi-tier distributed applications.
Tracked as CVE-2024-21182This vulnerability could be exploited remotely by unprivileged threat actors to carry out low-complexity attacks targeting systems running Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0.
“An easily exploitable vulnerability allows unauthenticated attackers with network access via T3, IIOP to compromise Oracle WebLogic Server,” Oracle said in releasing security patches for CVE-2024-21182 in July 2024.
“Successful attacks on this vulnerability could result in unauthorized access to critical data or full access to all accessible Oracle WebLogic servers…”

