CVE-2011-4605

2012-11-2300:00:00

ubuntu.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.4%

JSON

The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker
servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web
Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3
CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly
restrict write access, which allows remote attackers to add, delete, or
modify items in a JNDI tree via unspecified vectors.