Cyber Resilience

CVE-2012-1710

CriticalCISA KEVActive ExploitationEUVD ExploitedRansomware-linked

Published: 03 May 2012

Published
03 May 2012
Modified
21 April 2026
KEV Added
25 May 2022
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.4085 97.5th percentile
Risk Priority 64 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2012-1710 is a critical-severity an unspecified weakness vulnerability in Oracle Fusion Middleware. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 2.5% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2012-1710 is an unspecified vulnerability in the Oracle WebCenter Forms Recognition component of Oracle Fusion Middleware version 10.1.3.5. It affects the Designer module and is distinct from CVE-2012-1709, with the flaw allowing impacts to confidentiality, integrity, and availability.

Remote attackers can exploit the issue over the network without authentication or user interaction, resulting in complete compromise of the affected component according to its CVSS 3.1 base score of 9.8.

Oracle's April 2012 Critical Patch Update addresses the vulnerability, while additional references such as SecurityTracker ID 1026949 and Mandriva advisories provide further tracking information for affected deployments.

EU & UK References

Vulnerability details

Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerability than CVE-2012-1709.

CWE(s)
KEV Date Added
25 May 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

oracle
fusion middleware
10.1.3.5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely application of the Oracle Critical Patch Update that remediates CVE-2012-1710.

prevent

Boundary protection can restrict network access to the vulnerable WebCenter Forms Recognition Designer component.

prevent

Enforces access-control policy on the component, mitigating the unauthenticated remote attack path described in the CVE.

References