THREAT WATCH
Actively Exploited SonicWall SMA1000 Appliances: CVE-2026-15410 — SonicWall SMA1000 Appliances Code Injection Vulnerability High Microsoft Active Directory Federation Services: CVE-2026-56155 — Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability Medium Microsoft SharePoint Server: CVE-2026-56164 — Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability Actively Exploited SonicWall SMA1000 Appliances: CVE-2026-15409 — SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability Medium Cisco IOS: CVE-2008-4128 — Cisco IOS Cross-Site Request Forgery Vulnerability Critical Balbooa Forms: CVE-2026-56291 — Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability Critical iCagenda iCagenda: CVE-2026-48939 — iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability Critical JoomShaper SP Page Builder: CVE-2026-48908 — JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability Actively Exploited SonicWall SMA1000 Appliances: CVE-2026-15410 — SonicWall SMA1000 Appliances Code Injection Vulnerability High Microsoft Active Directory Federation Services: CVE-2026-56155 — Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability Medium Microsoft SharePoint Server: CVE-2026-56164 — Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability Actively Exploited SonicWall SMA1000 Appliances: CVE-2026-15409 — SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability Medium Cisco IOS: CVE-2008-4128 — Cisco IOS Cross-Site Request Forgery Vulnerability Critical Balbooa Forms: CVE-2026-56291 — Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability Critical iCagenda iCagenda: CVE-2026-48939 — iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability Critical JoomShaper SP Page Builder: CVE-2026-48908 — JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability

CVE-2024-21182 — Oracle WebLogic Server Unspecified Vulnerability

Back to Threat Intel Dashboard
High CVSS 7.5 Actively exploited · CISA KEV

Oracle WebLogic Server

CVE-2024-21182 Added Jun 1, 2026 Remediation deadline has passed
TL;DR

Oracle WebLogic Server is affected by a high-severity vulnerability (CVE-2024-21182) that is confirmed to be actively exploited in the wild. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

What is this vulnerability?

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Required action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Mitigations

  • Apply the vendor’s security patch or update as soon as it’s available and tested.
  • If no patch exists yet, apply the vendor’s temporary workaround.
  • Limit network exposure of the affected system until it’s patched.
  • Review logs for signs of prior exploitation, especially if it’s flagged for ransomware use.

Recommendations

  • Confirm whether Oracle WebLogic Server is used anywhere in your environment.
  • Patch internet-facing systems first, then internal ones.
  • Set a reminder ahead of the remediation deadline so it doesn’t slip.
  • Subscribe to the vendor’s security advisories for earlier warning next time.

Compiled from public threat intelligence (CISA Known Exploited Vulnerabilities catalog and the National Vulnerability Database, referenced in 3 public advisories).