Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Oracle Reports rwservlet vulnerabilities - Vulnerability Database

Oracle Reports rwservlet vulnerabilities

Description

netinfiltration reported various high severity vulnerabilities (and exploits) affecting Oracle Reports. These vulnerabilities allow an attacker to dump the database passwords, view folder contents, download files, load a phishing page in the browser and even gain a remote shell.

Remediation

Currently, Oracle didn't provided any fix for these vulnerabilities.

References

CVE-2012-3152
CVE-2012-3153

Related Vulnerabilities

VMware Horizon Log4Shell RCE High
Common tags: Code Execution Acumonitor
SAP Hybris Deserialization RCE High
Common tags: Code Execution Acumonitor
Adobe Commerce/Magento "CosmicSting" XXE (CVE-2024-34102) Critical
Common tags: Code Execution Acumonitor
ColdFusion FlashGateway Deserialization RCE CVE-2019-7091 High
Common tags: Code Execution Acumonitor
Apache Shiro Deserialization RCE High
Common tags: Code Execution Acumonitor

Severity

High

Classification

CVE-2012-3152
CVE-2012-3153
CWE-20
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Code Execution
Directory Listing
Acumonitor