CVE-2014-3472 Information
Feb 14, 2021
Description
The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors.
Reference
http://rhn.redhat.com/errata/RHSA-2014-1019.html
http://rhn.redhat.com/errata/RHSA-2014-1020.html
http://rhn.redhat.com/errata/RHSA-2014-1021.html
http://rhn.redhat.com/errata/RHSA-2015-0720.html
http://www.securityfocus.com/bid/69094
https://bugzilla.redhat.com/show_bug.cgi?id=1103815
https://exchange.xforce.ibmcloud.com/vulnerabilities/95170