Lucene search

Veracode Vulnerability DatabaseVERACODE:15963

HistoryMay 02, 2019 - 5:06 a.m.

Authorization Bypass

2019-05-0205:06:12

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.002 Low

EPSS

Percentile

58.7%

JSON

JBoss AS is vulnerable to authorization bypass. The isCallerInRole() method of the SimpleSecurityManager did not correctly check caller roles. A remote, authenticated attacker could use this flaw to circumvent the caller check in applications that use black list access control based on caller roles.

CPENameOperatorVersion
jboss-as-client-alleq7.3.2__2.Final_redhat_2.1.ep6.el5
jboss-as-client-alleq7.3.1__4.Final_redhat_3.1.ep6.el6
jboss-as-client-alleq7.1.2__7.Final_redhat_1.ep6.el5
jboss-as-client-alleq7.3.2__2.Final_redhat_2.1.ep6.el6
jboss-as-client-alleq7.2.0__8.Final_redhat_8.ep6.el6
jboss-as-client-alleq7.3.4__1.Final_redhat_1.1.ep6.el5
jboss-as-client-alleq7.3.3__3.Final_redhat_3.1.ep6.el6
jboss-as-client-alleq7.3.3__3.Final_redhat_3.1.ep6.el5
jboss-as-client-alleq7.2.1__5.Final_redhat_10.1.ep6.el5
jboss-as-client-alleq7.2.0__8.Final_redhat_8.ep6.el5

Name	Operator	Version
jboss-as-client-all	eq	7.3.2__2.Final_redhat_2.1.ep6.el5
jboss-as-client-all	eq	7.3.1__4.Final_redhat_3.1.ep6.el6
jboss-as-client-all	eq	7.1.2__7.Final_redhat_1.ep6.el5
jboss-as-client-all	eq	7.3.2__2.Final_redhat_2.1.ep6.el6
jboss-as-client-all	eq	7.2.0__8.Final_redhat_8.ep6.el6
jboss-as-client-all	eq	7.3.4__1.Final_redhat_1.1.ep6.el5
jboss-as-client-all	eq	7.3.3__3.Final_redhat_3.1.ep6.el6
jboss-as-client-all	eq	7.3.3__3.Final_redhat_3.1.ep6.el5
jboss-as-client-all	eq	7.2.1__5.Final_redhat_10.1.ep6.el5
jboss-as-client-all	eq	7.2.0__8.Final_redhat_8.ep6.el5

Rows per page:

1-10 of 34881

References

rhn.redhat.com/errata/RHSA-2014-1019.html

rhn.redhat.com/errata/RHSA-2014-1020.html

rhn.redhat.com/errata/RHSA-2014-1021.html

rhn.redhat.com/errata/RHSA-2015-0720.html

www.securityfocus.com/bid/69094

access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.3/html/6.3.0_Release_Notes/index.html

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=1038658

bugzilla.redhat.com/show_bug.cgi?id=1052745

bugzilla.redhat.com/show_bug.cgi?id=1053239

bugzilla.redhat.com/show_bug.cgi?id=1053245

bugzilla.redhat.com/show_bug.cgi?id=1053254

bugzilla.redhat.com/show_bug.cgi?id=1053261

bugzilla.redhat.com/show_bug.cgi?id=1053775

bugzilla.redhat.com/show_bug.cgi?id=1067505

bugzilla.redhat.com/show_bug.cgi?id=1067567

bugzilla.redhat.com/show_bug.cgi?id=1069415

bugzilla.redhat.com/show_bug.cgi?id=1071414

bugzilla.redhat.com/show_bug.cgi?id=1072567

bugzilla.redhat.com/show_bug.cgi?id=1072592

bugzilla.redhat.com/show_bug.cgi?id=1076644

bugzilla.redhat.com/show_bug.cgi?id=1076650

bugzilla.redhat.com/show_bug.cgi?id=1076653

bugzilla.redhat.com/show_bug.cgi?id=1078673

bugzilla.redhat.com/show_bug.cgi?id=1079399

bugzilla.redhat.com/show_bug.cgi?id=1079410

bugzilla.redhat.com/show_bug.cgi?id=1079414

bugzilla.redhat.com/show_bug.cgi?id=1079417

bugzilla.redhat.com/show_bug.cgi?id=1079422

bugzilla.redhat.com/show_bug.cgi?id=1079426

bugzilla.redhat.com/show_bug.cgi?id=1079431

bugzilla.redhat.com/show_bug.cgi?id=1079480

bugzilla.redhat.com/show_bug.cgi?id=1079794

bugzilla.redhat.com/show_bug.cgi?id=1079897

bugzilla.redhat.com/show_bug.cgi?id=1080388

bugzilla.redhat.com/show_bug.cgi?id=1080714

bugzilla.redhat.com/show_bug.cgi?id=1080722

bugzilla.redhat.com/show_bug.cgi?id=1080776

bugzilla.redhat.com/show_bug.cgi?id=1081266

bugzilla.redhat.com/show_bug.cgi?id=1081631

bugzilla.redhat.com/show_bug.cgi?id=1082057

bugzilla.redhat.com/show_bug.cgi?id=1084348

bugzilla.redhat.com/show_bug.cgi?id=1086793

bugzilla.redhat.com/show_bug.cgi?id=1092089

bugzilla.redhat.com/show_bug.cgi?id=1092104

bugzilla.redhat.com/show_bug.cgi?id=1102510

bugzilla.redhat.com/show_bug.cgi?id=1102513

bugzilla.redhat.com/show_bug.cgi?id=1103815

exchange.xforce.ibmcloud.com/vulnerabilities/95170