Description
The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors.
Remediation
References