criticalCISA KEVCVE-2024-21182

Oracle WebLogic Server Unspecified Vulnerability

Oracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.

ProductWebLogic Server
CVSS7.5
EPSS0.49689
UpdatedJuly 9, 2026

Quick answer

Oracle WebLogic Server should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.

Who is affected

Affected versions

  • 12.2.1.4.0
  • 14.1.1.0.0

Fixed versions

  • Apply the latest vendor-supported patched version.

How to fix it

Apply the Oracle Critical Patch Update that fixes CVE-2024-21182 and reduce WebLogic administrative and protocol exposure. Internet-facing WebLogic deployments should be reviewed for unauthorized deployments, changed domain configuration, and suspicious authentication events.

  1. Inventory every WebLogic domain, managed server, admin server, cluster, and Oracle Fusion Middleware dependency.
  2. Apply the relevant Oracle Critical Patch Update or move to a fixed supported WebLogic Server release.
  3. Restrict the WebLogic Admin Console and Node Manager to trusted administrative networks only.
  4. Block T3, T3S, IIOP, and administrative protocols from untrusted networks unless explicitly required and protected.
  5. Review deployed applications, startup classes, JDBC data sources, security realms, and domain configuration for unauthorized changes.
  6. Rotate WebLogic administrator, datasource, LDAP, and integration credentials if suspicious access is found.
  7. Restart managed servers from a clean patched image and confirm clustered nodes are patched consistently.

Scan now. Google sign-in is only needed to unlock fix guidance.

Verify the fix

  • Confirm Oracle patch inventory shows the CPU that remediates CVE-2024-21182 on every WebLogic node.
  • Validate admin and protocol ports are not reachable from untrusted networks.
  • Review WebLogic access, server, audit, and domain logs for exploit attempts or unexpected deployments.
  • Run application smoke tests and cluster health checks after patching.
  • Run a Fixnx scan to confirm public sites do not expose WebLogic administration endpoints.

Related categories

Trusted references

FAQ

What is affected by CVE-2024-21182?

Oracle WebLogic Server versions listed as affected should be reviewed: 12.2.1.4.0, 14.1.1.0.0.

What should I fix first?

Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.

How do I confirm the fix worked?

Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.

Why can this risk appear in multiple categories?

A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.