CISA flags two-year-old Oracle flaw as actively exploited in attacks


By Sergiu Gatlan

June 2, 2026

08:40 AM

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered government agencies to secure their systems against a high-severity Oracle WebLogic Server vulnerability that was patched two years ago and is now actively exploited in attacks.

Oracle WebLogic Server is an enterprise-grade Java app server used as middleware for large, multi-tier distributed applications.

Tracked as CVE-2024-21182, this security flaw can be exploited remotely by threat actors with no privileges in low-complexity attacks targeting systems running Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0.

"Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server," Oracle said when it released security patches for CVE-2024-21182 in July 2024.

"Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data."

Internet intelligence platform Shodan now tracks over 1,592 Oracle WebLogic servers exposed online and vulnerable to CVE-2024-21182 exploits (961 running version 12.2.1.4.0 and 631 running version 14.1.1.0.0).

Oracle WebLogic Server instances exposed online (Shodan)

On Thursday, CISA added the vulnerability to its catalog of security flaws exploited in attacks and ordered federal agencies to patch their WebLogic servers by midnight on Thursday, June 4, as mandated by Binding Operational Directive (BOD) 22-01.

While BOD 22-01 applies only to federal agencies, CISA urged all network defenders, including those in the private sector, to patch their systems against ongoing CVE-2024-21182 attacks as soon as possible.

"This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise," CISA warned. "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable."

In October, the cybersecurity agency also ordered government agencies to patch an unauthenticated server-side request forgery (SSRF) vulnerability (CVE-2025-61884) in Oracle E-Business Suite, after flagging it as actively exploited in the wild.

More recently, in March, Oracle released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability (CVE-2026-21992) in Identity Manager and Web Services Manager, but declined to comment when BleepingComputer reached out to ask about its exploitation status.

Over the last several years, CISA has flagged 43 vulnerabilities across various Oracle products as exploited in the wild, 12 of which have been abused in ransomware attacks.


Sergiu Gatlan

Sergiu is a news reporter who has covered the latest cybersecurity and technology developments for over a decade. Email or Twitter DMs for tips.
