CISA has ordered federal agencies to patch the actively exploited Oracle WebLogic Server flaw CVE-2024-21182, which affects versions 12.2.1.4.0 and 14.1.1.0.0 and can be abused remotely by unauthenticated attackers. Shodan shows more than 1,592 exposed vulnerable servers online, and CISA is urging all defenders to apply mitigations or stop using the product if protections are unavailable.
Key points
- CISA added CVE-2024-21182 to its catalog of vulnerabilities exploited in attacks.
- The flaw affects Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0.
- Attackers can exploit it remotely without privileges through low-complexity attacks.
- Shodan found more than 1,592 vulnerable WebLogic servers exposed online.
- CISA ordered federal agencies to patch by June 4 and urged all defenders to act quickly.