Description
The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors.
Remediation
References