← Back to CVEs
CVE-2012-3152
CRITICALCISA KEV9.1
Description
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the URLPARAMETER functionality allows remote attackers to read and upload arbitrary files to reports/rwservlet, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3153 to execute arbitrary code by uploading a .jsp file.
CVE Details
CVSS v3.1 Score9.1
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published10/16/2012
Last Modified4/21/2026
Sourcekev
Honeypot Sightings0
CISA KEV
VendorOracle
ProductFusion Middleware
Vulnerability NameOracle Fusion Middleware Unspecified Vulnerability
KEV Date Added2021-11-03
Remediation Due Date2022-05-03
Ransomware UseUnknown
Affected Products
oracle:fusion_middleware
References
http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/(secalert_us@oracle.com)
http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g/(secalert_us@oracle.com)
http://seclists.org/fulldisclosure/2014/Jan/186(secalert_us@oracle.com)
http://www.exploit-db.com/exploits/31253(secalert_us@oracle.com)
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150(secalert_us@oracle.com)
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html(secalert_us@oracle.com)
http://www.osvdb.org/86394(secalert_us@oracle.com)
http://www.osvdb.org/86395(secalert_us@oracle.com)
http://www.securityfocus.com/bid/55955(secalert_us@oracle.com)
http://www.youtube.com/watch?v=NinvMDOj7sM(secalert_us@oracle.com)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79295(secalert_us@oracle.com)
http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/(af854a3a-2127-422b-91ae-364da2661108)
http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g/(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2014/Jan/186(af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/31253(af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150(af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/86394(af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/86395(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/55955(af854a3a-2127-422b-91ae-364da2661108)
http://www.youtube.com/watch?v=NinvMDOj7sM(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79295(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-3152(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.