CISA orders federal patching of Oracle WebLogic CVE-2024-21182
Public Sector Action
Summary
Hide ▲
Show ▼
CISA ordered federal agencies to patch Oracle WebLogic Server against CVE-2024-21182 by June 4, creating an immediate remediation deadline for affected government systems. The directive followed CISA's addition of the flaw to its catalog of vulnerabilities exploited in attacks. The order applies to WebLogic deployments in the federal environment, while CISA also urged broader defenders to patch as soon as possible.
Related Happenings
Oracle E-Business Suite unauth HTTP takeover security flaw (CVE-2026-46817)
Vulnerability
H score52
First: 29.06.2026 16:46
Last: 29.06.2026 16:46
Sources 1
About this happening:
Oracle E-Business Suite CVE-2026-46817 is under active exploitation, putting Oracle Payments deployments at takeover risk. The flaw allows unauthenticated HTTP a...
Oracle E-Business Suite unauth HTTP takeover security flaw (CVE-2026-46817)
VulnerabilityAbout this happening: Oracle E-Business Suite CVE-2026-46817 is under active exploitation, putting Oracle Payments deployments at takeover risk. The flaw allows unauthenticated HTTP a...
Oracle E-Business Suite May 2026 Critical Security Patch Update (CVE-2026-46817)
Security Patch Release
H score53
First: 29.06.2026 16:46
Last: 29.06.2026 16:46
Sources 1
About this happening:
Oracle's May 2026 Critical Security Patch Update addressed CVE-2026-46817 in Oracle E-Business Suite, a critical flaw in Oracle Payments that could let an...
Oracle E-Business Suite May 2026 Critical Security Patch Update (CVE-2026-46817)
Security Patch ReleaseAbout this happening: Oracle's May 2026 Critical Security Patch Update addressed CVE-2026-46817 in Oracle E-Business Suite, a critical flaw in Oracle Payments that could let an...
Oracle WebLogic Server unauthenticated remote compromise flaw (CVE-2024-21182)
Vulnerability
H score59
First: 02.06.2026 15:40
Last: 02.06.2026 15:40
Sources 1
How related:
The vulnerability, CVE-2024-21182 (CVSS score: 7.5), allows an unauthenticated attacker with network access to take control of susceptible servers.
About this happening:
CVE-2024-21182 in Oracle WebLogic Server is actively exploited and can let a network-access attacker achieve unauthenticated remote compromise. The flaw affect...
Oracle WebLogic Server unauthenticated remote compromise flaw (CVE-2024-21182)
VulnerabilityHow related: The vulnerability, CVE-2024-21182 (CVSS score: 7.5), allows an unauthenticated attacker with network access to take control of susceptible servers.
About this happening: CVE-2024-21182 in Oracle WebLogic Server is actively exploited and can let a network-access attacker achieve unauthenticated remote compromise. The flaw affect...
CISA orders FCEB patching for CVE-2026-9082
Public Sector Action
H score70
First: 26.05.2026 11:46
Last: 26.05.2026 11:46
Sources 1
About this happening:
CISA added CVE-2026-9082 to the KEV Catalog and ordered FCEB agencies to patch Drupal by May 27, turning an actively exploited flaw into a mandatory federa...
CISA orders FCEB patching for CVE-2026-9082
Public Sector ActionAbout this happening: CISA added CVE-2026-9082 to the KEV Catalog and ordered FCEB agencies to patch Drupal by May 27, turning an actively exploited flaw into a mandatory federa...
Apex One on-premises server directory traversal zero-day (CVE-2026-34926)
Vulnerability
H score53
First: 22.05.2026 16:39
Last: 22.05.2026 16:39
Sources 1
About this happening:
CVE-2026-34926 is a Trend Micro Apex One on-premises directory traversal zero-day that can let a privileged local attacker inject malicious code onto affected agents...
Apex One on-premises server directory traversal zero-day (CVE-2026-34926)
VulnerabilityAbout this happening: CVE-2026-34926 is a Trend Micro Apex One on-premises directory traversal zero-day that can let a privileged local attacker inject malicious code onto affected agents...
Timeline
-
02.06.2026 15:40 3 articles · 1mo ago
CISA orders federal patching for Oracle WebLogic Server CVE-2024-21182
Legal Policy Action UpdateCISA added CVE-2024-21182 to its catalog of vulnerabilities exploited in attacks and ordered federal agencies to patch Oracle WebLogic Server by midnight on Thursday, June 4, under Binding Operational Directive (BOD) 22-01. CISA also urged broader defenders to apply vendor mitigations or discontinue use of the product if mitigations are unavailable.
Show sources
- CISA flags two-year-old Oracle flaw as actively exploited in attacks — www.bleepingcomputer.com — 02.06.2026 15:40
- CISA flags two-year-old Oracle flaw as actively exploited in attacks — www.bleepingcomputer.com — 02.06.2026 15:40
- Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation — thehackernews.com — 02.06.2026 21:14