VDB
RHSA-2012%3A1109
RHSA-2012%3A1109
PUBLISHED
CVSS 7.5 HIGH
The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.
Risk Scores
CVSS 2.0
7.5
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss Portal 4.3 |
Timeline
- Jul 23, 2012 CVE Published
- Nov 21, 2025 CVE Updated
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2012:1109 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jbportal&downloadType=securityPatches&version=4.3+CP07 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=766469 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1109.json advisory
- https://access.redhat.com/security/cve/CVE-2011-4605 advisory
- https://www.cve.org/CVERecord?id=CVE-2011-4605 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2011-4605 advisory