Description

The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors.

Remediation

References

CVE-2014-3472

Related Vulnerabilities

TYPO3 Improper Authentication Vulnerability (CVE-2011-4628)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0047)

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.14)

SharePoint Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-3282)

WordPress Plugin Ibtana-Ecommerce Product Addons Cross-Site Scripting (0.2.3)

Severity

Medium

Classification

CVE-2014-3472 CWE-264

Tags

Missing Update Known Vulnerabilities