Description
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method-level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class.
Remediation
References