Description
The Access Control functionality (JMXOpsAccessControlFilter) in the JMX Console of JBoss Application Server 4.0.2 and 4.0.2.ga_cp04 before 20070416 stores the roles of the current user in a member variable of the filter, a field that is shared by all concurrent requests. This allows remote authenticated administrators to trigger a race condition and gain privileges by logging in while a more privileged administrator's session is active, as demonstrated by privilege escalation from Read Mode to Write Mode.
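The following is an added illustration of the pattern the description names; it is not JBoss code and not the real JMXOpsAccessControlFilter. A filter that parks "the current user's" roles in an instance field lets a concurrent request overwrite them before the authorization decision is made, whereas a request-scoped local variable is immune; the `Request` stand-in, the role names `reader`/`writer` and the latch-driven interleaving are constructed for the demonstration (Java 16+ for `record`).

```java
import java.util.Set;
import java.util.concurrent.CountDownLatch;

public class RoleFilterRace {
    /** Constructed stand-in for an HTTP request: the authenticated user's roles and the operation requested. */
    record Request(String user, Set<String> roles, String op) {}

    interface Check {
        boolean allowed(Request req, CountDownLatch arrived, CountDownLatch gate) throws InterruptedException;
    }

    /** Vulnerable pattern: the "current user's" roles live in a field shared by every concurrent request. */
    static class SharedStateFilter implements Check {
        private Set<String> roles;                               // one field, many request threads
        public boolean allowed(Request req, CountDownLatch arrived, CountDownLatch gate) throws InterruptedException {
            roles = req.roles();                                 // step 1: store this user's roles
            arrived.countDown(); gate.await();                   // simulated delay: another request may run step 1 now
            return "read".equals(req.op()) || roles.contains("writer");  // step 2: decide on possibly foreign roles
        }
    }

    /** Fixed pattern: roles stay in a local variable, so nothing outlives this request's call. */
    static class RequestScopedFilter implements Check {
        public boolean allowed(Request req, CountDownLatch arrived, CountDownLatch gate) throws InterruptedException {
            Set<String> roles = req.roles();                     // private to this thread
            arrived.countDown(); gate.await();
            return "read".equals(req.op()) || roles.contains("writer");
        }
    }

    /** Interleaves a read-only user's write request with a writer's request; returns the read-only user's decision. */
    static boolean raceDecision(Check filter, Request readOnly, Request writer) throws InterruptedException {
        CountDownLatch arrived = new CountDownLatch(1), gate = new CountDownLatch(1);
        boolean[] decision = new boolean[1];
        Thread t = new Thread(() -> {
            try { decision[0] = filter.allowed(readOnly, arrived, gate); }
            catch (InterruptedException e) { Thread.currentThread().interrupt(); }
        });
        t.start();
        arrived.await();                                         // read-only request has stored its roles and is paused
        filter.allowed(writer, new CountDownLatch(1), new CountDownLatch(0));  // writer's request runs step 1 in the window
        gate.countDown();                                        // read-only request resumes and decides
        t.join();
        return decision[0];
    }

    public static void main(String[] args) throws InterruptedException {
        Request readOnly = new Request("alice", Set.of("reader"), "write");   // constructed sample data
        Request writer   = new Request("bob",   Set.of("writer"), "write");
        System.out.println("shared field  -> read-only user may write: " + raceDecision(new SharedStateFilter(), readOnly, writer));
        System.out.println("request scope -> read-only user may write: " + raceDecision(new RequestScopedFilter(), readOnly, writer));
    }
}
```

The latches make the interleaving deterministic so the defect reproduces every run; in a real container the window is the ordinary gap between reading the principal's roles and checking them, and the fix is the same: keep per-request authorization state in the request (or a local), never in the filter instance.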