CVE-2024-21216: 
Oracle WebLogic Server vulnerability analysis and mitigation

CVE-2024-21216 is a critical vulnerability affecting Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via T3 or IIOP protocols to compromise Oracle WebLogic Server. The vulnerability was disclosed in October 2024 as part of Oracle's Critical Patch Update (CPU) and has been assigned a CVSS 3.1 base score of 9.8, indicating its critical severity (Oracle CPU, NVD).

The vulnerability exists in the Core component of Oracle WebLogic Server and can be exploited through the T3 and IIOP protocols, which are typically enabled by default in standard WebLogic installations. The CVSS vector string (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates that the vulnerability requires no privileges or user interaction to exploit, has low attack complexity, and can be accessed over the network (Security Online).

Successful exploitation of CVE-2024-21216 can result in complete takeover of the Oracle WebLogic Server. The vulnerability affects all three main security aspects with high severity: confidentiality, integrity, and availability. This means attackers can potentially gain unauthorized access to sensitive data, modify system configurations, and disrupt service operations (NVD).

Oracle has released security patches for the affected versions (12.2.1.4.0 and 14.1.1.0.0) as part of the October 2024 Critical Patch Update. Organizations are strongly advised to apply these patches immediately to protect against potential exploitation. For systems that cannot be immediately patched, it is recommended to restrict access to T3 and IIOP protocols, particularly on internet-facing instances (Oracle CPU).

The vulnerability was discovered and reported by multiple security researchers including Markus Wulftange of CODE WHITE GmbH, ruozhi, spoic, Venenof7, WHOAMI, Ye Jie, yemoli, and yulate (Oracle CPU).