CVE-2012-1710
Published: 03 May 2012
Summary
CVE-2012-1710 is a critical-severity vulnerability of unspecified weakness type in Oracle Fusion Middleware. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 2.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2012-1710 is an unspecified vulnerability in the Oracle WebCenter Forms Recognition component of Oracle Fusion Middleware version 10.1.3.5. It affects the Designer module, is distinct from CVE-2012-1709, and allows impacts to confidentiality, integrity, and availability.
Remote attackers can exploit the issue over the network without authentication or user interaction, resulting in complete compromise of the affected component according to its CVSS 3.1 base score of 9.8.
Oracle's April 2012 Critical Patch Update addresses the vulnerability, while additional references such as SecurityTracker ID 1026949 and Mandriva advisories provide further tracking information for affected deployments.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2012-1720
Vulnerability details
Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerability than CVE-2012-1709.
- CWE(s)
- KEV Date Added: 25 May 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires timely application of the Oracle Critical Patch Update that remediates CVE-2012-1710.
Boundary protection can restrict network access to the vulnerable WebCenter Forms Recognition Designer component.
Enforces access-control policy on the component, mitigating the unauthenticated remote attack path described in the CVE.