Description

netinfiltration reported various high severity vulnerabilities (and exploits) affecting Oracle Reports. These vulnerabilities allow an attacker to dump the database passwords, view folder contents, download files, load a phishing page in the browser and even gain a remote shell.

Remediation

Currently, Oracle didn't provided any fix for these vulnerabilities.

References

CVE-2012-3152

CVE-2012-3153

Related Vulnerabilities

Apache Struts2 remote command execution (S2-045)

Drupal Core 8.4.x Remote Code Execution (8.4.0 - 8.4.7)

Apache Log4j2 JNDI Remote Code Execution

WordPress Plugin WordPress Download Manager Remote Code Execution (2.7.4)

WordPress Plugin CiviCRM Remote Code Execution (5.24.2)

Severity

High

Classification

CVE-2012-3152 CVE-2012-3153 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Tags

Code Execution Acumonitor