
Two-year-old Oracle WebLogic Server vulnerability is being exploited
US federal government departments have been given until Thursday to patch a two-year-old, high-severity vulnerability in Oracle WebLogic Server that could allow an unauthenticated attacker to access critical data.
The vulnerability, CVE-2024-21182, was added Monday to the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog, giving federal Oracle admins a mere four days to plug the hole.
The affected supported versions are 12.2.1.4.0 and 14.1.1.0.0.
While the KEV is aimed at US federal departments, inclusion of a vulnerability on the list should be taken as a warning to the private sector as well.
At the time it was discovered, this vuln...