⚠ Actively exploited
Added to CISA KEV on 2022-03-28. Federal agencies required to patch by 2022-04-18. Required action: Apply updates per vendor instructions.

CVE-2012-0518: Open Redirect in Oracle Fusion Middleware

CWE-601: Open Redirect | 9 documents | 6 sources
Severity
4.7 MEDIUM NVD
NVD 4.3
EPSS: 14.5% (top 5.55%)
CISA KEV: Added 2022-03-28, Due 2022-04-18
Exploit: Exploited in wild. Active exploitation observed.
Affected products
Timeline
Published: Oct 16
KEV added: Mar 28
KEV due: Apr 18
Latest update: Mar 20
CISA Required Action: Apply updates per vendor instructions.

Description

Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Redirects, a different vulnerability than CVE-2012-3175.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages: 1 package

Patches

🔴 Vulnerability Details (5)

GHSA | GHSA-6v4h-56j5-jr6x: Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10 | 2022-05-17
GHSA | GHSA-cf67-jvfv-7wxp: Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10 | 2022-05-04
CVEList | CVE-2012-3175: Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10 | 2012-10-17
CVEList | CVE-2012-0518: Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10 | 2012-10-16
VulnCheck | Oracle Fusion Middleware Unspecified Vulnerability | 2012

📋 Vendor Advisories (1)

CISA | Oracle Fusion Middleware Unspecified Vulnerability | 2022-03-28

🕵️ Threat Intelligence (1)

Tenable | CVE-2026-21992: Critical Out-of-Band Oracle Identity Manager and Oracle Web Services Manager Remote Code Execution Vulnerability | 2026-03-20