Description
The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain.
Remediation
References
Related Vulnerabilities
WordPress Plugin Simple Ads Manager Arbitrary File Upload (2.5.94)
WordPress Plugin WP AmASIN-The Amazon Affiliate Shop Directory Traversal (0.9.6)
WordPress Plugin Solve Media CAPTCHA Cross-Site Request Forgery (1.1.0)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3412)