CVE-2012-3153

Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware versions 11.1.1.4 through 11.1.2.0

Description The issue affects confidentiality and integrity, and it is related to the Servlet in the Oracle Reports Developer component. There are claims that the PARSEQUERY function allows remote attackers to obtain database credentials via the "reports/rwservlet/parsequery" endpoint.

Recommendations For Oracle Fusion Middleware versions 11.1.1.4 through 11.1.2.0, consider restricting access to the PARSEQUERY function and the "reports/rwservlet/parsequery" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.