CVE-2024-21006:
CVE-2024-21006: A vulnerability in Oracle WebLogic Server (Core) allows an unauthenticated attacker with network access via T3 or IIOP to compromise the server, affecting WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0. It has a CVSS v3.1 base score of 7.5 (High) with confidentiality impact, and is classified under CWE-306 Missing Authentication for Critical Function.
Score
A numerical rating that indicates how dangerous this vulnerability is.
7.5High- Published Date:Apr 16, 2024
- CISA KEV Date:*No Data*
- Industries Affected:20
Threat Predictions
- EPSS Score:84.9
- EPSS Percentile:99%
Exploitability
- Score:3.9
- Attack Vector:NETWORK
- Attack Complexity:LOW
- Privileges Required:NONE
- User Interaction:NONE
- Scope:UNCHANGED
Impact
- Score:3.6
- Confidentiality Impact:HIGH
- Integrity Impact:NONE
- Availability Impact:NONE
Description Preview
CVE-2024-21006: A vulnerability in Oracle WebLogic Server (Core) allows an unauthenticated attacker with network access via T3 or IIOP to compromise the server, affecting WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0. It has a CVSS v3.1 base score of 7.5 (High) with confidentiality impact, and is classified under CWE-306 Missing Authentication for Critical Function.
Overview
This vulnerability presents a high-severity risk for Oracle WebLogic Server deployments exposed over network protocols (T3/IIOP) because it allows unauthenticated remote access to sensitive data or potentially complete access to server data. The affected versions are 12.2.1.4.0 and 14.1.1.0.0, and the flaw is rooted in missing authentication for a critical function. Oracle has published an advisory with the recommended mitigations and patch information. Given the network-based attack vector and absence of authentication, rapid remediation is strongly advised to minimize exposure.
Remediation
- Apply the Oracle CPU APR 2024 advisory and upgrade WebLogic Server to the fixed release(s) per Oracle guidance. Ensure the patch is installed in all affected environments (12.2.1.4.0 and 14.1.1.0.0 instances).
- If upgrading is not immediately possible, implement compensating controls to mitigate exposure:
- Restrict network access to WebLogic endpoints (T3/IIOP) by enforcing strict firewall rules, VPN-only access, and network segmentation to trusted hosts.
- Disable or harden T3/IIOP endpoints where feasible, or require authentication for access to these functions.
- Deploy a web application firewall or network WAF rules to block unauthenticated access to critical WebLogic services and monitor for anomalous activity.
- Enforce strong access controls and least privilege for WebLogic components; enable auditing and centralized logging to detect unauthorized attempts.
- Verification and ongoing:
- After applying fixes, verify via patch verification steps from Oracle and conduct functional testing to confirm normal WebLogic operation.
- Re-scan and monitor systems for indicators of compromise; review logs for unauthorized T3/IIOP activity.
- Plan for credential hygiene and rotation where applicable, and keep patching cadence aligned with Oracle advisories.
References
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.
