The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) prior to 5.2.0, Web Platform (EWP) prior to 5.2.0, BRMS Platform prior to 5.3.1, and SOA Platform prior to 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and perform arbitrary JMX operations via unspecified vectors.
Vulnerable Product |
---|
redhat jboss enterprise application platform 5.2.0 |
redhat jboss enterprise web platform 5.2.0 |
redhat jboss enterprise brms platform |