Two-year old Oracle WebLogic Server vulnerability is being exploited
Summary
A two-year-old, high-severity vulnerability (CVE-2024-21182) in Oracle WebLogic Server is being actively exploited and has been added to CISA's Known Exploited Vulnerabilities catalog. US federal departments are mandated to patch this flaw by Thursday, with the inclusion on the KEV catalog serving as a warning to the private sector as well.
IFF Assessment
This vulnerability is being actively exploited by threat actors, posing a direct risk to systems that are not patched.
Severity
The article states the vulnerability was rated 7.3 on the CVSS scale at the time of its discovery, indicating a high severity.
CISA KEV: Listed as actively exploited. Federal patch due: June 04, 2026. Known ransomware use: Unknown.
Defender Context
The active exploitation of this older vulnerability highlights the ongoing threat posed by unpatched legacy systems. Defenders should prioritize patching known vulnerabilities, especially those appearing on CISA's KEV catalog, as this indicates active exploitation and a higher risk of compromise.