1. Home
  2. CVE Database
  3. CVE-2011-4605
HIGH · 7.5

CVE-2011-4605

The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP...

Vulnerability Description

The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
RedhatJboss Enterprise Application Platform4.3.0
RedhatJboss Enterprise Brms Platform<= 5.2.0
RedhatJboss Enterprise Portal Platform4.3.0
RedhatJboss Enterprise Soa Platform4.2.0
RedhatJboss Enterprise Web Platform5.1.2

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2011-4605?

CVE-2011-4605 is a vulnerability with a CVSS score of 7.5 (HIGH). The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP...

How severe is CVE-2011-4605?

CVE-2011-4605 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-4605?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Enterprise Application Platform, Redhat Jboss Enterprise Brms Platform, Redhat Jboss Enterprise Portal Platform, Redhat Jboss Enterprise Soa Platform, Redhat Jboss Enterprise Web Platform.