Description
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method-level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class.
Remediation
References