Description
The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and perform arbitrary JMX operations via unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress Plugin Indieweb Post Kinds Cross-Site Scripting (1.3.1)
Oracle Database Server CVE-2009-1015 Vulnerability (CVE-2009-1015)
Jenkins Other Vulnerability (CVE-2020-2100)
Liferay DXP Other Vulnerability (CVE-2023-33946)
Squid Insufficient Verification of Data Authenticity Vulnerability (CVE-2016-4553)