Description
The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors.
Remediation
References
Related Vulnerabilities
WordPress Plugin Chat Room Directory Traversal (0.1.2)
MySQL CVE-2016-0546 Vulnerability (CVE-2016-0546)
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2009-4297)
Oracle Database Server CVE-2009-2001 Vulnerability (CVE-2009-2001)
Squid NULL Pointer Dereference Vulnerability (CVE-2018-1172)