Red Hat · JBoss SOA Platform · CVE-2011-4605
**Name of the Vulnerable Software and Affected Versions**
JBoss Enterprise Application Platform versions 4.3.0 CP10 through 5.1.2
JBoss Web Platform version 5.1.2
JBoss SOA Platform versions 4.2.0.CP05 through 4.3.0.CP05
JBoss Portal Platform versions 4.3 CP07 through 5.2.x before 5.2.2
JBoss BRMS Platform versions before 5.3.0
**Description**
The JNDI service, HA-JNDI service, and HAJNDIFactory invoker servlet do not properly restrict write access, which allows remote attackers to modify items in a JNDI tree.
**Recommendations**
For JBoss Enterprise Application Platform versions 4.3.0 CP10 through 5.1.2, update to a version that properly restricts write access.
For JBoss Web Platform version 5.1.2, update to a version that properly restricts write access.
For JBoss SOA Platform versions 4.2.0.CP05 through 4.3.0.CP05, update to a version that properly restricts write access.
For JBoss Portal Platform versions 4.3 CP07 through 5.2.x before 5.2.2, update to version 5.2.2 or later.
For JBoss BRMS Platform versions before 5.3.0, update to version 5.3.0 or later.