VDB
RHSA-2012%3A1023
RHSA-2012%3A1023
PUBLISHED
CVSS 7.5 HIGH
The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.
Risk Scores
CVSS 2.0
7.5
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss Web Platform 5.1 |
Timeline
- Jun 20, 2012 CVE Published
- Nov 21, 2025 CVE Updated
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2012:1023 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=enterpriseweb.platform&downloadType=securityPatches&version=5.1.2 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=766469 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1023.json advisory
- https://access.redhat.com/security/cve/CVE-2011-4605 advisory
- https://www.cve.org/CVERecord?id=CVE-2011-4605 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2011-4605 advisory