### CISA Warns of Actively Exploited Oracle WebLogic Flaw, Orders Feds to Patch
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a two-year-old Oracle WebLogic Server vulnerability that is currently being actively exploited in attacks.
**Vulnerability Details: **
The flaw, tracked as CVE-2024-21182, was patched by Oracle in July 2022 but still poses a significant risk to federal agencies and other organizations using the software. According to CISA, this security weakness can be exploited remotely by attackers with no privileges, allowing them to gain unauthorized access to critical data or complete control over all accessible data on affected systems.
**Oracle WebLogic Server: **
Oracle WebLogic Server is an enterprise-grade Java app server used as middleware for large, multi-tier distributed applications. The vulnerability affects versions 12.2.1.4.0 and 14.1.1.0.0 of the software.
**Exposure Risk:**
Internet intelligence platform Shodan has identified over 1,592 Oracle WebLogic servers exposed online and vulnerable to CVE-2024-21182 exploits.
**CISA Directive: **
CISA has added the vulnerability to its catalog of security flaws exploited in attacks and ordered federal agencies to patch their WebLogic servers by midnight on Thursday, June 4. While this directive only applies to federal agencies, CISA urges all network defenders to patch their systems against ongoing CVE-2024-21182 attacks as soon as possible.
**Previous Oracle Vulnerabilities:**
This is not the first time that CISA has flagged a vulnerability in Oracle products as actively exploited in the wild. Over the last several years, the agency has identified 43 vulnerabilities across various Oracle products, with 12 of these being abused in ransomware attacks. The latest warning serves as a reminder of the importance of timely patching and security updates to prevent cyber threats.
**Related Vulnerabilities:**
In related news, CISA has also ordered government agencies to patch other high-severity vulnerabilities in Oracle products, including an unauthenticated server-side request forgery (SSRF) vulnerability in Oracle E-Business Suite and a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager. The agency’s efforts aim to protect federal agencies and other organizations from cyber threats and ensure the security of sensitive information.
Source: Original article