ctipilot.ch

Oracle WebLogic Server unauth T3/IIOP data access (CVSS 7.5); CISA KEV 2026-06-01 on active exploitation

cve · CVE-2024-21182

Coverage timeline
1
first 2026-06-02 → last 2026-06-03
Peak priority
high
1 high
Sources cited
3
3 hosts
Sections touched
1
trending-vulnerabilities
Co-occurring entities
0
no co-occurrence
ATT&CK techniques
0
no mapped behavior yet

Story timeline

  1. 2026-06-03CVE-2024-21182 — Oracle WebLogic Server: unauthenticated T3/IIOP data access, KEV-listed on active exploitation
    trending-vulnerabilities

Where this entity is cited

  • trending-vulnerabilities1

Source distribution

  • oracle.com1 (33%)
  • securityaffairs.com1 (33%)
  • thehackernews.com1 (33%)

explore in graph

Entries about Oracle WebLogic Server unauth T3/IIOP data access (CVSS 7.5); CISA KEV 2026-06-01 on active exploitation (1)

2026-06-03 · view entry permalink →

HIGHCVE-2024-21182exploited

CVE-2024-21182 — Oracle WebLogic Server: unauthenticated T3/IIOP data access, KEV-listed on active exploitation

CISA added CVE-2024-21182 to the Known Exploited Vulnerabilities catalog on 2026-06-01 "based on evidence of active exploitation" (The Hacker News, 2026-06-02). The flaw (CVSS 7.5) lets an unauthenticated, network-positioned attacker abuse the T3 or IIOP protocol listeners — exposed by default on ports 7001/7002 — to obtain unauthorized access to WebLogic-accessible data, and on some configurations a more complete server compromise. It affects Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0 and was fixed in Oracle's July 2024 Critical Patch Update (Oracle CPU, 2024-07-16). The operationally relevant fact is the fresh exploitation against a patch that has been available for 23 months, not the FCEB remediation date attached to the KEV entry; WebLogic is heavily deployed J2EE middleware in EU financial-services and public-sector estates (Security Affairs, 2026-06-02). Defenders: apply the July 2024 (or later) CPU; block T3/IIOP at the perimeter and restrict it to internal admin subnets via WebLogic connection filters; alert on unauthenticated T3/IIOP initiators reaching 7001/7002 from external sources.

CISA added CVE-2024-21182 to the Known Exploited Vulnerabilities catalog on 2026-06-01 "based on evidence of active exploitation" (The Hacker News, 2026-06-02).

ctipilot v2 brief (migrated)
vulnerability03 Jun 05:00Zmulti-sourceOpen finding ↗