CVE-2012-3152

9.1 CRITICAL
CISA KEV - Actively Exploited
Published: October 16, 2012
Modified: October 22, 2025

Description

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the URLPARAMETER functionality allows remote attackers to read and upload arbitrary files to reports/rwservlet, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3153 to execute arbitrary code by uploading a .jsp file.

CVSS v3.x Details

Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References to Advisories, Solutions, and Tools

http://seclists.org/fulldisclosure/2014/Jan/186
Source: secalert_us@oracle.com
Mailing List Third Party Advisory
http://www.exploit-db.com/exploits/31253
Source: secalert_us@oracle.com
Exploit Third Party Advisory VDB Entry
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
Source: secalert_us@oracle.com
Patch Vendor Advisory
http://www.osvdb.org/86394
Source: secalert_us@oracle.com
Broken Link
http://www.osvdb.org/86395
Source: secalert_us@oracle.com
Broken Link
http://www.securityfocus.com/bid/55955
Source: secalert_us@oracle.com
Broken Link Third Party Advisory VDB Entry
http://www.youtube.com/watch?v=NinvMDOj7sM
Source: secalert_us@oracle.com
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/79295
Source: secalert_us@oracle.com
Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2014/Jan/186
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://www.exploit-db.com/exploits/31253
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory VDB Entry
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://www.osvdb.org/86394
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.osvdb.org/86395
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.securityfocus.com/bid/55955
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.youtube.com/watch?v=NinvMDOj7sM
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/79295
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry

23 reference(s) from NVD

Quick Stats

CVSS v3 Score
9.1 / 10.0
EPSS (Exploit Probability)
92.6%
100th percentile
Exploitation Status
Actively Exploited
Remediation due: 2022-05-03

Affected Vendors

oracle