Vulnerability | Bleeping Computer
9.8 CRITICAL

CISA flags two-year-old Oracle flaw as actively exploited in attacks

📅 2 June 2026 at 12:40 UTC | 📰 Bleeping Computer

CISA has ordered government agencies to secure their systems against a high-severity Oracle WebLogic Server vulnerability that was patched two years ago and is now actively exploited in attacks. [...]

🤖 AI Briefing: Auto-generated threat analysis

🔍 Threat Overview

A high-severity Oracle WebLogic Server vulnerability (CVE-2024-21182) is being actively exploited in attacks, allowing unauthenticated attackers with network access to compromise systems running vulnerable versions. This vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.

⚙️ Technical Details

💥 Impact Assessment
Severity: Critical
Who Is at Risk: Government agencies, private sector organizations, and individuals with access to vulnerable Oracle WebLogic Server systems

🛡️ Recommended Actions
1. Patch Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0.0 with the latest security updates as soon as possible.
2. Disable network access to vulnerable Oracle WebLogic Server systems until patched.
3. Monitor for signs of exploitation and implement additional security controls to prevent unauthorized access.

📦 Affected Products
Oracle Weblogic Server, Oracle Configurator, Oracle Identity Manager, Oracle Web Services Manager, Oracle WebLogic Server

🔐 NVD Verified Data (VERIFIED)

CVE-2024-21182 | CVSS 7.5 HIGH
Attack Vector: NETWORK
Complexity: LOW
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products (CPE): Oracle Weblogic Server

CVE-2025-61884 | CVSS 7.5 HIGH
Attack Vector: NETWORK
Complexity: LOW
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weaknesses: CWE-918, CWE-501, CWE-93, CWE-444, CWE-287, CWE-22
Affected Products (CPE): Oracle Configurator

CVE-2026-21992 | CVSS 9.8 CRITICAL
Attack Vector: NETWORK
Complexity: LOW
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses: CWE-306
Affected Products (CPE): Oracle Identity Manager, Oracle Web Services Manager

Read the full article

This is a curated summary. The complete article is available at Bleeping Computer.