Description
Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission and allows remote attackers to bypass intended access restrictions.