⚠ Actively exploited
Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions.
CVE-2012-3152 — Oracle Fusion Middleware vulnerability
18 documents, 12 sources
Severity
9.1 CRITICAL (NVD)
NVD: 6.4
EPSS
93.5%
top 0.17%
CISA KEV
Added 2021-11-03
Due 2022-05-03
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
Published: Oct 16
KEV added: Nov 3
KEV due: May 3
Latest update: Mar 20
CISA Required Action: Apply updates per vendor instructions.
Description
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the URLPARAMETER functionality allows remote attackers to read and upload arbitrary files to reports/rwservlet, and that …
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 3.9 | Impact: 5.2
Affected Packages: 1 package
Patches
🔴 Vulnerability Details (6)
GHSA
GHSA-x6c2-j4cw-94j8: Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11 (2022-05-17)
GHSA
GHSA-wcv9-8rh4-59p4: Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11 (2022-05-17)
CVEList
CVE-2012-3153: Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11 (2012-10-16)
CVEList
CVE-2012-3152: Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11 (2012-10-16)
💥 Exploits & PoCs (4)
🔍 Detection Rules (1)
📋 Vendor Advisories (1)
🕵️ Threat Intelligence (4)
Tenable
CVE-2026-21992: Critical Out-of-Band Oracle Identity Manager and Oracle Web Services Manager Remote Code Execution Vulnerability (2026-03-20)
Greynoiseio