{"api_version":"1","generated_at":"2026-04-23T02:35:57+00:00","cve":"CVE-2011-4605","urls":{"html":"https://cve.report/CVE-2011-4605","api":"https://cve.report/api/cve/CVE-2011-4605.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2011-4605","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2011-4605"},"summary":{"title":"CVE-2011-4605","description":"The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2012-11-23 20:55:00","updated_at":"2023-02-13 00:22:00"},"problem_types":["CWE-264"],"metrics":[],"references":[{"url":"https://access.redhat.com/errata/RHSA-2012:1025","name":"https://access.redhat.com/errata/RHSA-2012:1025","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/49658","name":"49658","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Security Advisory SA49658 - Red Hat update for JBoss Enterprise Products - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1022.html","name":"RHSA-2012:1022","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1025.html","name":"RHSA-2012:1025","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1027.html","name":"RHSA-2012:1027","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2012:1024","name":"https://access.redhat.com/errata/RHSA-2012:1024","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1125.html","name":"RHSA-2012:1125","refsource":"REDHAT","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://secunia.com/advisories/49656","name":"49656","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Security Advisory SA49656 - Red Hat update for JBoss Enterprise Products - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2012:1232","name":"https://access.redhat.com/errata/RHSA-2012:1232","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2012:1023","name":"https://access.redhat.com/errata/RHSA-2012:1023","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2012:1027","name":"https://access.redhat.com/errata/RHSA-2012:1027","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=766469","name":"https://bugzilla.redhat.com/show_bug.cgi?id=766469","refsource":"MISC","tags":[],"title":"766469 – (CVE-2011-4605) CVE-2011-4605 JNDI: unauthenticated remote write access is permitted by default","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2012:1026","name":"https://access.redhat.com/errata/RHSA-2012:1026","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2012:1022","name":"https://access.redhat.com/errata/RHSA-2012:1022","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2012:1125","name":"https://access.redhat.com/errata/RHSA-2012:1125","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2012:1028","name":"https://access.redhat.com/errata/RHSA-2012:1028","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"http://www.securitytracker.com/id?1027501","name":"1027501","refsource":"SECTRACK","tags":[],"title":"JBoss 'ignoreBaseDecision' Property May Let Remote Authenticated Users Bypass Access Controls - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2012:1109","name":"https://access.redhat.com/errata/RHSA-2012:1109","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1109.html","name":"RHSA-2012:1109","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/50084","name":"50084","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Security Advisory SA50084 - Red Hat update for JBoss Enterprise SOA Platform - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/54644","name":"54644","refsource":"BID","tags":[],"title":"JBoss Enterprise Application Platform CVE-2011-4605 Security Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2012:1295","name":"https://access.redhat.com/errata/RHSA-2012:1295","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=766469","name":"http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=766469","refsource":"MISC","tags":[],"title":"766469 – (CVE-2011-4605) CVE-2011-4605 JNDI: unauthenticated remote write access is permitted by default","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1024.html","name":"RHSA-2012:1024","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1023.html","name":"RHSA-2012:1023","refsource":"REDHAT","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"https://access.redhat.com/security/cve/CVE-2011-4605","name":"https://access.redhat.com/security/cve/CVE-2011-4605","refsource":"MISC","tags":[],"title":"CVE-2011-4605 - Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1295.html","name":"RHSA-2012:1295","refsource":"REDHAT","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1028.html","name":"RHSA-2012:1028","refsource":"REDHAT","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1026.html","name":"RHSA-2012:1026","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/50549","name":"50549","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Security Advisory SA50549 - Red Hat update for JBoss Enterprise Portal Platform - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1232.html","name":"RHSA-2012:1232","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2011-4605","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4605","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2011","cve_id":"4605","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_application_platform","cpe6":"4.3.0","cpe7":"cp10","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"4605","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_application_platform","cpe6":"5.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"4605","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_application_platform","cpe6":"4.3.0","cpe7":"cp10","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"4605","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_application_platform","cpe6":"5.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"4605","vulnerable":"1","versionEndIncluding":"5.2.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_brms_platform","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"4605","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_portal_platform","cpe6":"4.3.0","cpe7":"cp07","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"4605","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_portal_platform","cpe6":"5.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"4605","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_portal_platform","cpe6":"5.2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"4605","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_portal_platform","cpe6":"4.3.0","cpe7":"cp07","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"4605","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_portal_platform","cpe6":"5.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"4605","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_portal_platform","cpe6":"5.2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"4605","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_soa_platform","cpe6":"4.2.0","cpe7":"cp05","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"4605","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_soa_platform","cpe6":"4.3.0","cpe7":"cp05","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"4605","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_soa_platform","cpe6":"4.2.0","cpe7":"cp05","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"4605","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_soa_platform","cpe6":"4.3.0","cpe7":"cp05","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"4605","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_web_platform","cpe6":"5.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"4605","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_web_platform","cpe6":"5.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2011-4605","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_affected":"=","version_value":"n/a"}]}}]}}]}},"references":{"reference_data":[{"url":"http://rhn.redhat.com/errata/RHSA-2012-1028.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2012-1028.html"},{"url":"http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=766469","refsource":"MISC","name":"http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=766469"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1022.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2012-1022.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1023.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2012-1023.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1024.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2012-1024.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1025.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2012-1025.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1026.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2012-1026.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1027.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2012-1027.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1109.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2012-1109.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1125.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2012-1125.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1232.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2012-1232.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1295.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2012-1295.html"},{"url":"http://secunia.com/advisories/49656","refsource":"MISC","name":"http://secunia.com/advisories/49656"},{"url":"http://secunia.com/advisories/49658","refsource":"MISC","name":"http://secunia.com/advisories/49658"},{"url":"http://secunia.com/advisories/50084","refsource":"MISC","name":"http://secunia.com/advisories/50084"},{"url":"http://secunia.com/advisories/50549","refsource":"MISC","name":"http://secunia.com/advisories/50549"},{"url":"http://www.securityfocus.com/bid/54644","refsource":"MISC","name":"http://www.securityfocus.com/bid/54644"},{"url":"http://www.securitytracker.com/id?1027501","refsource":"MISC","name":"http://www.securitytracker.com/id?1027501"}]}},"nvd":{"publishedDate":"2012-11-23 20:55:00","lastModifiedDate":"2023-02-13 00:22:00","problem_types":["CWE-264"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp10:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp07:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*","versionEndIncluding":"5.2.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp05:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp05:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2011","CveId":"4605","Ordinal":"52133","Title":"CVE-2011-4605","CVE":"CVE-2011-4605","Year":"2011"},"notes":[{"CveYear":"2011","CveId":"4605","Ordinal":"1","NoteData":"The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.","Type":"Description","Title":null},{"CveYear":"2011","CveId":"4605","Ordinal":"2","NoteData":"2012-11-23","Type":"Other","Title":"Published"},{"CveYear":"2011","CveId":"4605","Ordinal":"3","NoteData":"2013-03-30","Type":"Other","Title":"Modified"}]}}}