Oracle WebLogic Vulnerability Added to CISA KEV Catalog Amid Active Exploits
A recently patched Oracle WebLogic vulnerability has been added to the CISA Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. The flaw, addressed in Oracle’s July 2024 Critical Patch Update (CPU), joins over a dozen other WebLogic vulnerabilities already listed in the KEV, underscoring persistent targeting of the platform.
Security researchers, including Tyler Reguly of Fortra, note that while the patch has been available for months, delayed remediation remains a key risk. Organizations with outdated systems particularly those that haven’t applied patches in years are prime targets, as attackers prioritize easier entry points over hardened environments.
The addition also highlights a broader trend: only 41% of CVEs in the KEV catalog are added in the same year they’re disclosed, with that figure rising to 58% by the following year. Surprisingly, over 40% of KEV-listed vulnerabilities are added two or more years after their release, suggesting that older flaws continue to be weaponized against unpatched systems. The delayed inclusion of this Oracle WebLogic bug aligns with this pattern, reinforcing the need for timely patch management.
Oracle cybersecurity rating report: https://www.rankiteo.com/company/oracle
"id": "ORA1780446221",
"linkid": "oracle",
"type": "Vulnerability",
"date": "7/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'location': 'Global',
'name': 'Organizations using Oracle WebLogic',
'type': 'Enterprise'}],
'attack_vector': 'Remote Exploitation',
'date_publicly_disclosed': '2024-07',
'description': 'A recently patched Oracle WebLogic vulnerability has been '
'added to the CISA Known Exploited Vulnerabilities (KEV) '
'catalog, signaling active exploitation in the wild. The flaw, '
'addressed in Oracle’s July 2024 Critical Patch Update (CPU), '
'underscores persistent targeting of the platform. Delayed '
'remediation remains a key risk, with attackers prioritizing '
'unpatched systems.',
'impact': {'systems_affected': 'Oracle WebLogic Servers'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Delayed patching increases risk of exploitation. Older '
'vulnerabilities remain viable attack vectors.',
'motivation': 'Opportunistic Exploitation',
'post_incident_analysis': {'corrective_actions': 'Enforce timely patch '
'management, monitor for '
'exploitation attempts',
'root_causes': 'Delayed patch application, '
'unpatched systems'},
'recommendations': 'Apply Oracle WebLogic patches immediately. Prioritize '
'timely patch management to mitigate risks from known '
'vulnerabilities.',
'references': [{'source': 'CISA Known Exploited Vulnerabilities (KEV) '
'Catalog'},
{'source': 'Fortra (Tyler Reguly)'}],
'regulatory_compliance': {'regulatory_notifications': 'CISA KEV Catalog '
'Addition'},
'response': {'containment_measures': 'Patch Application (Oracle July 2024 '
'CPU)',
'remediation_measures': 'Apply Oracle WebLogic patches'},
'title': 'Oracle WebLogic Vulnerability Added to CISA KEV Catalog Amid Active '
'Exploits',
'type': 'Vulnerability Exploitation',
'vulnerability_exploited': 'Oracle WebLogic Vulnerability (CVE not specified)'}