Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2012-3153 — Oracle Fusion Middleware vulnerability
11 documents, 7 sources
Severity
9.1 CRITICAL (NVD)
NVD: 6.4
EPSS
91.2%
top 0.35%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Oct 16
Latest update: May 17
Description
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the PARSEQUERY function allows remote attackers to obtain database credentials via reports/rwservlet/parsequery, and that this issue occu…
CVSS vector
AV:N/AC:L/C:P/I:P/A:N
Exploitability: 10.0 | Impact: 4.9
Affected Packages: 1 package
Patches
Vulnerability Details (5)
GHSA
GHSA-x6c2-j4cw-94j8: Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11 (2022-05-17)
GHSA
GHSA-wcv9-8rh4-59p4: Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11 (2022-05-17)
CVEList
CVE-2012-3153: Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11 (2012-10-16)
CVEList
CVE-2012-3152: Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11 (2012-10-16)