Description
The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and perform arbitrary JMX operations via unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress Plugin Social Media Flying Icons-Floating Social Media Icon Cross-Site Scripting (2.1)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3543)
WordPress Plugin WordPress Portfolio and Gallery-GridKit Gallery Unspecified Vulnerability (1.8.18)
WordPress Plugin SEO Redirection-301 Redirect Manager Cross-Site Scripting (6.3)