CVE-2024-21006

HIGH

Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0 - Unauthenticated Unauthorized Data Access via T3, IIOP

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2024-21006. PoCs published by lightr3d, momika233, dadvlingd and d3fudd.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2024-21006, targeting WebLogic Server via JNDI injection. The exploit uses a crafted MessageDestinationReference object to trigger an LDAP lookup, leading to remote code execution. Note that the advisory's CVSS vector records a Confidentiality-only impact (C:H/I:N/A:N); the RCE reported by these PoCs depends on the JNDI lookup resolving against an attacker-controlled LDAP server and on an older JDK 8 (the dadvlingd PoC lists JDK <= 1.8.191; Oracle disabled LDAP remote codebase loading by default starting with 8u191).

Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
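The attack vector above is an unauthenticated T3 or IIOP connection, so the first check a defender wants is whether a host exposes T3 and which release it reports. The following is an added example written for this page; it is not code from the advisory or from any of the PoC repositories listed below. It performs the client side of the T3 handshake and parses the server's reply. Assumptions: the listener answers the hello with a `HELO:<version>.<flag>` line followed by its own AS/HL/MS fields, 7001 is the default port, and the names `probe_t3`, `assess` and `parse_t3_helo` are chosen here. The reported version is the base release and does not change when Oracle's Critical Patch Update is applied, so a match means "an affected release is exposed on T3", not "unpatched". IIOP is not probed.

```python
import re
import socket
from typing import Optional

# Release strings the advisory lists as affected (from the page).
AFFECTED_VERSIONS = {"12.2.1.4.0", "14.1.1.0.0"}

# Client side of the T3 handshake: protocol version, abbreviation-table size
# (AS), header length (HL) and maximum message size (MS). A T3 listener
# replies with "HELO:<server version>.<flag>" followed by its own AS/HL/MS.
T3_HELLO = b"t3 12.2.1\nAS:255\nHL:19\nMS:10000000\n\n"

_HELO_RE = re.compile(rb"^HELO:(?P<version>\d+(?:\.\d+)+)\.(?P<flag>true|false)")


def parse_t3_helo(response: bytes) -> Optional[dict]:
    """Parse the server's HELO reply; None if the peer is not speaking T3."""
    m = _HELO_RE.match(response)
    if not m:
        return None
    fields = {}
    for line in response.split(b"\n")[1:]:
        if b":" in line:
            key, value = line.split(b":", 1)
            fields[key.decode("ascii", "replace")] = value.decode("ascii", "replace")
    return {"version": m.group("version").decode("ascii"), "fields": fields}


def is_affected(version: str) -> bool:
    """True when the reported release is one the advisory names."""
    return version in AFFECTED_VERSIONS


def assess(response: bytes) -> dict:
    """Turn a raw handshake reply into an exposure verdict."""
    info = parse_t3_helo(response)
    if info is None:
        return {"t3": False, "version": None, "affected": False}
    return {"t3": True, "version": info["version"], "affected": is_affected(info["version"])}


def probe_t3(host: str, port: int = 7001, timeout: float = 5.0) -> dict:
    """Send the T3 hello to host:port and assess the reply (does network I/O)."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(T3_HELLO)
        # The reply ends with a blank line; stop there or after a sane cap.
        while b"\n\n" not in data and len(data) < 4096:
            chunk = sock.recv(1024)
            if not chunk:
                break
            data += chunk
    return assess(data)


# Constructed sample replies for offline use (not captured from a real host).
SAMPLE_T3_REPLY = b"HELO:12.2.1.4.0.false\nAS:2048\nHL:19\nMS:10000000\n\n"
SAMPLE_HTTP_REPLY = b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:  # usage: python t3probe.py <host> [port]
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 7001
        print(probe_t3(sys.argv[1], port))
    else:
        print(assess(SAMPLE_T3_REPLY))
        print(assess(SAMPLE_HTTP_REPLY))
```

Run it against a host to get a dict with `t3`, `version` and `affected`; a port that answers with HTTP (or nothing) yields `t3: False`. Treat `affected: True` as a reason to verify patch level and network exposure, not as proof of vulnerability.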

Exploits (4)

nomisec · Working PoC · 18 stars
by lightr3d · poc
https://github.com/lightr3d/CVE-2024-21006_jar

This repository contains a functional exploit for CVE-2024-21006, targeting WebLogic Server via JNDI injection. The exploit uses a crafted MessageDestinationReference object to trigger an LDAP lookup, leading to remote code execution.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Oracle WebLogic Server
No auth needed
Prerequisites: Network access to WebLogic Server · LDAP server hosting malicious payload
devstral-2 · analyzed Feb 18, 2026
nomisec · Working PoC · 13 stars
by momika233 · poc
https://github.com/momika233/CVE-2024-21006

The repository contains a functional exploit PoC for CVE-2024-21006, targeting Oracle WebLogic Server via T3/IIOP. The exploit leverages JNDI injection to achieve unauthorized access, demonstrating the vulnerability's impact on confidentiality.

Classification: Working PoC (95%)
Attack Type: Deserialization
Complexity: Moderate
Reliability: Reliable
Target: Oracle WebLogic Server 12.2.1.4.0, 14.1.1.0.0
No auth needed
Prerequisites: Network access to WebLogic Server via T3/IIOP · WebLogic Server with vulnerable version
devstral-2 · analyzed Feb 18, 2026
nomisec · Working PoC · 7 stars
by dadvlingd · poc
https://github.com/dadvlingd/CVE-2024-21006

This repository contains a functional exploit for CVE-2024-21006, targeting Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0 with JDK <= 1.8.191. The exploit leverages JNDI injection via LDAP to achieve remote code execution (RCE).

Classification: Working PoC (90%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Oracle WebLogic Server 12.2.1.4.0, 14.1.1.0.0
No auth needed
Prerequisites: Target running vulnerable WebLogic version · JDK <= 1.8.191 · LDAP server (e.g., JNDIExploit) for payload delivery
devstral-2 · analyzed Feb 18, 2026
nomisec · Working PoC
by d3fudd · poc
https://github.com/d3fudd/CVE-2024-21006_PoC

This repository contains a functional exploit for CVE-2024-21006, targeting Oracle WebLogic Server via insecure IIOP and JNDI usage. The PoC demonstrates RCE by binding a malicious JNDI reference to a WebLogic server, triggering remote code execution when the reference is looked up.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Oracle WebLogic Server 12.2.1.3.0
No auth needed
Prerequisites: Access to a vulnerable WebLogic server · LDAP server to host malicious JNDI reference · Java runtime environment
devstral-2 · analyzed Feb 19, 2026
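Every PoC above lists network reachability of T3/IIOP as its first prerequisite, so the mitigation that pairs with patching is a WebLogic connection filter that keeps those protocols off untrusted networks. The fragment below is an added example for this page, not configuration taken from the advisory or from any PoC repository. It assumes WebLogic's config.xml schema (the `connection-filter` and `connection-filter-rule` elements under `security-configuration`), the rule syntax `target localAddress localPort action protocols` with rules evaluated in order and the first match winning, and it uses 10.0.0.0/8 as a placeholder for the range that legitimately needs T3/IIOP.

```xml
<security-configuration>
  <!-- Added example: restrict the T3/IIOP protocols named in the advisory
       (including their TLS variants) to an internal range and deny them
       from everywhere else. Replace 10.0.0.0/8 with the addresses of the
       managed servers and admin tooling that really use T3/IIOP. -->
  <connection-filter>weblogic.security.net.ConnectionFilterImpl</connection-filter>
  <connection-filter-rule>10.0.0.0/8 * * allow t3 t3s iiop iiops</connection-filter-rule>
  <connection-filter-rule>0.0.0.0/0 * * deny t3 t3s iiop iiops</connection-filter-rule>
  <!-- Log rejected connections so blocked probes show up in the server log. -->
  <connection-logger-enabled>true</connection-logger-enabled>
</security-configuration>
```

Servers in the same domain talk T3 to each other, so the allow rule must cover the whole domain or managed servers will fail to reach the admin server; apply the filter in a test domain first. HTTP is unaffected by these rules, so the application stays reachable while the unauthenticated T3/IIOP path is closed.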


Scores

CVSS v3: 7.5
EPSS: 0.0792
EPSS Percentile: 94.0%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC (Vulnrichment)

Exploitation: none
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-306 (Missing Authentication for Critical Function)
Status: published
Products (2):
oracle/weblogic_server 12.2.1.4.0
oracle/weblogic_server 14.1.1.0.0
Published: Apr 16, 2024
Tracked Since: Feb 18, 2026