PT-2012-1215 · Oracle · Oracle Reports Developer
Miss_Sudo · Published 2012-10-16 · Updated 2025-03-13 · CVE-2012-3152
CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Oracle Fusion Middleware versions 11.1.1.4 through 11.1.2.0
Description
The issue is related to insufficient access control in the Oracle Reports Developer component of Oracle Fusion Middleware. It may allow a remote attacker to impact the integrity and confidentiality of protected information via the HTTP protocol. The vulnerability can potentially be exploited to read and upload arbitrary files, and in combination with other issues, may allow the execution of arbitrary code by uploading a .jsp file.
Recommendations
For versions 11.1.1.4 through 11.1.2.0, consider restricting access to the Report Server Component to minimize the risk of exploitation. As a temporary workaround, avoid using the URLPARAMETER functionality in the reports/rwservlet until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
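One way to check whether the workaround above is being followed, as an added example that is not part of the original advisory: scan web access logs for requests to reports/rwservlet that carry a URLPARAMETER query parameter. The Common/Combined Log Format input, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed input: Common/Combined Log Format access-log lines.
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
SERVLET_PATH = "/reports/rwservlet"  # path named in the advisory
# URLPARAMETER (named in the advisory) as a key after any separator character.
# Case-insensitive, separator-agnostic matching is a deliberately broad assumption.
PARAM_RE = re.compile(r"(?:^|[^a-z0-9_])urlparameter\s*=")

def decode(value, rounds=3):
    """Percent-decode repeatedly so encoded or double-encoded names still match."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.lower()

def uses_urlparameter(target):
    """True if the request target hits rwservlet and carries URLPARAMETER."""
    parts = urlsplit(target)
    path = decode(parts.path).rstrip("/")
    if path != SERVLET_PATH and not path.startswith(SERVLET_PATH + "/"):
        return False
    return bool(PARAM_RE.search(decode(parts.query)))

def audit(lines):
    """Return (line_no, client, method, status) for each flagged request.
    Only query strings are visible here; POST bodies are not in access logs."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = REQUEST_RE.match(line)
        if m and uses_urlparameter(m["target"]):
            hits.append((line_no, m["client"], m["method"], int(m["status"])))
    return hits

# Constructed sample lines (documentation addresses, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Oct/2012:10:00:01 +0000] "GET /reports/rwservlet?report=PLACEHOLDER HTTP/1.1" 200 5120',
    '198.51.100.7 - - [16/Oct/2012:10:00:05 +0000] "GET /reports/rwservlet?URLPARAMETER=PLACEHOLDER HTTP/1.1" 200 812',
    '198.51.100.7 - - [16/Oct/2012:10:00:09 +0000] "GET /reports/rwservlet?report=x&url%50arameter=PLACEHOLDER HTTP/1.1" 200 640',
    '203.0.113.4 - - [16/Oct/2012:10:00:12 +0000] "GET /app/search?q=urlparameter%3D1 HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    for hit in audit(SAMPLE_LOG):
        print(hit)
```

Any hit means a client is still reaching the URLPARAMETER functionality, so access to the Report Server Component has not been restricted for that source.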
Exploit
Improper Privilege Management
Related Identifiers
Affected Products
Oracle Fusion Middleware
Oracle Reports Developer