Description
The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain.
Remediation
References
Related Vulnerabilities
WordPress 2.5 Cookie Integrity Protection Unauthorized Access Vulnerability (0.6.2 - 2.5)
Oracle Application Server CVE-2008-2614 Vulnerability (CVE-2008-2614)
WordPress Plugin Scroll Baner Cross-Site Request Forgery (1.0)
PHP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-4782)
Atlassian Jira CVE-2020-36235 Vulnerability (CVE-2020-36235)