The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-21182, an Oracle WebLogic Server vulnerability, to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. Federal agencies are required to remediate the vulnerability by established deadlines, and CISA recommends all organizations prioritize patching as part of routine vulnerability management.