Description

The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors.

Remediation

References

CVE-2014-3472

Related Vulnerabilities

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-2362)

Oracle JRE CVE-2013-5804 Vulnerability (CVE-2013-5804)

WordPress 5.3.x Multiple Vulnerabilities (5.3)

WordPress Plugin WassUp Real Time Analytics 'spy.php' SQL Injection (1.4.3)

WordPress Plugin ForumConverter SQL Injection (1.11)

Severity

Medium

Classification

CVE-2014-3472 CWE-264

Tags

Missing Update Known Vulnerabilities