CyberSec.Space Logo
Back to CVE Browser

CVE-2012-3152

Known Exploited (CISA KEV)CRITICAL
9.1
CVSS Severity Score
EPSS Score55.3270%
EPSS Percentile94.44th
PublishedOct 16, 2012
Last ModifiedApr 21, 2026

Vulnerability Description

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the URLPARAMETER functionality allows remote attackers to read and upload arbitrary files to reports/rwservlet, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3153 to execute arbitrary code by uploading a .jsp file.

Affected Platforms (CPE)

πŸ“¦
Oracle

Fusion Middleware

= 11.1.1.4.0
πŸ“¦
Oracle

Fusion Middleware

= 11.1.1.6.0
πŸ“¦
Oracle

Fusion Middleware

= 11.1.2.0

References & Advisories

πŸ”— http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/
πŸ”— http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g/
πŸ”— http://seclists.org/fulldisclosure/2014/Jan/186
πŸ”— http://www.exploit-db.com/exploits/31253
πŸ”— http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
πŸ”— http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
πŸ”— http://www.osvdb.org/86394
πŸ”— http://www.osvdb.org/86395

Related Vulnerabilities

CVE-2012-313510.0

Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.3 and before, and 27.7.2 and earlier, a...

CVE-2012-320210.0

Multiple unspecified vulnerabilities in the Oracle JRockit component in Oracle Fusion Middleware 28.2.4 and earlier, and 27.7.3 an...

CVE-2010-351010.0

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, and...

CVE-2013-238010.0

Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware R27.7.4 and earlier and R28.2.6 and earlier ...