Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation
Summary
CISA has added CVE-2024-21182, a high-severity vulnerability in Oracle WebLogic Server, to its Known Exploited Vulnerabilities (KEV) Catalog. This decision was made due to evidence indicating that the flaw is being actively exploited in the wild.
IFF Assessment
The active exploitation of a known vulnerability poses a direct threat to organizations, increasing the risk of successful attacks.
Severity
The CVSS score of 7.5 indicates a high severity, primarily driven by the ability for an unauthenticated attacker with network access to gain control of affected servers, signifying significant impact and exploitability.
CISA KEV: Listed as actively exploited. Federal patch due: June 04, 2026. Known ransomware use: Unknown.
Defender Context
The inclusion of CVE-2024-21182 in CISA's KEV catalog signifies an immediate threat requiring urgent patching or mitigation. Defenders should prioritize vulnerability scanning and remediation efforts for Oracle WebLogic Server environments to prevent exploitation.