CyberSec.Space Logo
Back to CVE Browser

CVE-2024-21182

Known Exploited (CISA KEV)HIGH
7.5
CVSS Severity Score
EPSS Score52.5240%
EPSS Percentile95.77th
PublishedJul 16, 2024
Last ModifiedJun 1, 2026

Vulnerability Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Affected Platforms (CPE)

πŸ“¦
Oracle

Weblogic Server

= 12.2.1.4.0
πŸ“¦
Oracle

Weblogic Server

= 14.1.1.0.0

References & Advisories

πŸ”— https://www.oracle.com/security-alerts/cpujul2024.html
πŸ”— https://www.oracle.com/security-alerts/cpujul2024.html
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-21182

Related Vulnerabilities

CVE-2001-009810.0

Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begi...

CVE-2003-064010.0

BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite use...

CVE-2000-068110.0

Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .J...

CVE-2007-041710.0

BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm...