Description
The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer role.
Remediation
References
Related Vulnerabilities
WordPress Plugin Allow REL= and HTML in Author Bios Cross-Site Scripting (.1)
WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.14)
MySQL CVE-2021-2162 Vulnerability (CVE-2021-2162)
phpMyAdmin Improper Input Validation Vulnerability (CVE-2011-2719)
Chamilo Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-1999019)