CVE-2024-21006: 
Oracle WebLogic Server vulnerability analysis and mitigation

CVE-2024-21006 is a high-severity vulnerability in Oracle WebLogic Server's Core component, affecting versions 12.2.1.4.0 and 14.1.1.0.0. The vulnerability was discovered and reported by multiple researchers including bluE0 and 4ra1n. This easily exploitable vulnerability allows unauthenticated attackers with network access via T3 or IIOP protocols to compromise Oracle WebLogic Server (Oracle Advisory, SOCRadar Report).

The vulnerability has a CVSS 3.1 Base Score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The flaw is rooted in the T3/IIOP protocols of the Oracle WebLogic Server, where improper handling of a client's lookup operation could trigger a Java Naming and Directory Interface (JNDI) injection. The vulnerability specifically involves the MessageDestinationObjectFactory class in WebLogic (Security Online).

Successful exploitation of CVE-2024-21006 can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. A Shodan search revealed approximately 5,370 exposed Oracle WebLogic Server instances that could potentially be targeted (SOCRadar Report).

Oracle has released patches to address the vulnerability in the April 2024 Critical Patch Update. For organizations unable to immediately apply patches, temporary mitigations include restricting T3 Protocol Access using WebLogic's default connection filter (weblogic.security.net.ConnectionFilterImpl) and disabling the IIOP Protocol through the WebLogic console (Security Online).