{
  "title": "Oracle WebLogic Server CVE-2024-21182: KEV Authentication Bypass",
  "summary": "CISA added Oracle WebLogic Server CVE-2024-21182 to its KEV catalog on 2026-06-01 due to active exploitation. This high-severity authentication bypass vulnerability allows unauthenticated attackers with network access via T3 or IIOP protocols to compromise the server and gain unauthorized access to critical data.",
  "date": "2026-06-01",
  "severity": "high",
  "tags": [
    "oracle",
    "weblogic",
    "cisa-kev",
    "authentication-bypass",
    "zero-day"
  ],
  "sources_count": 3,
  "indicators": {
    "slug": "oracle-weblogic-cve-2024-21182-kev",
    "since": "2026-06-01T00:00:00Z",
    "until": "2026-06-01T23:59:59Z",
    "ecosystem": "",
    "cves": [
      "CVE-2024-21182"
    ],
    "cwes": [
      "CWE-287"
    ],
    "advisoryIds": [],
    "products": [
      "WebLogic Server"
    ],
    "packages": [
      "oracle-weblogic-server"
    ],
    "versions": [],
    "affectedVersions": [
      "12.2.1.4.0, 14.1.1.0.0"
    ],
    "fixedVersions": [],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [],
    "urls": [],
    "ips": [],
    "hashes": [],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": [
      "T3",
      "IIOP",
      "weblogic"
    ]
  }
}