Description
It was found that in EAP 7 before 7.0.9, the properties-based files of the management and application realm configuration, which contain the user-to-role mappings, are world readable. Any user logged in to the system can therefore read the user and role information.
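A defender-side check for the exposure described above, as an added example that is not part of the original advisory or any vendor tooling: it lists realm properties files whose mode grants read access to "other" and can strip that access as interim hardening. The four file names and the `standalone/configuration` path are assumptions based on the default EAP layout, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example. Assumed realm file names (default EAP layout):
# mgmt-users.properties, mgmt-groups.properties,
# application-users.properties, application-roles.properties.

# Print every realm properties file under "$1" that "other" can read.
list_world_readable_realm_files() {
    find "$1" -type f \
        \( -name 'mgmt-users.properties' -o -name 'mgmt-groups.properties' \
           -o -name 'application-users.properties' \
           -o -name 'application-roles.properties' \) \
        -perm -004 -print | sort
}

# Return 0 when nothing is exposed, 1 otherwise; findings go to stderr.
audit_realm_dir() {
    exposed=$(list_world_readable_realm_files "$1")
    if [ -n "$exposed" ]; then
        printf '%s\n' "$exposed" | sed 's/^/world-readable realm file: /' >&2
        return 1
    fi
    return 0
}

# Interim hardening (not the vendor fix): drop all "other" permissions.
tighten_realm_files() {
    list_world_readable_realm_files "$1" | while IFS= read -r f; do
        chmod o-rwx "$f"
    done
}

# Constructed sample tree so the check can be exercised offline.
make_sample_tree() {
    d=$(mktemp -d)
    c="$d/standalone/configuration"
    mkdir -p "$c"
    : > "$c/mgmt-users.properties"
    : > "$c/application-roles.properties"
    : > "$c/logging.properties"          # not a realm file, must be ignored
    chmod 600 "$c/mgmt-users.properties"
    chmod 644 "$c/application-roles.properties" "$c/logging.properties"
    printf '%s\n' "$d"
}

# Usage: sh audit.sh /path/to/eap/home   (path is a placeholder)
[ "$#" -eq 0 ] || audit_realm_dir "$1"
```

The audit only inspects the file mode bits; directory permissions and ACLs on the configuration directory need a separate check.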
Remediation
References
Related Vulnerabilities
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6024)
WordPress Plugin BackWPup Unspecified Vulnerability (3.4.3)
Jboss EAP Improper Handling of Exceptional Conditions Vulnerability (CVE-2018-8039)
Roundcube Improper Privilege Management Vulnerability (CVE-2017-8114)
WordPress Plugin Floating Tweets Multiple Vulnerabilities (1.0.1)