wildfly-ee is vulnerable to authorization bypass. The vulnerability exists as an incorrect SecurityIdentity for wildfly-ee concurrency could be used when a ElytronManagedThread that uses a different SecurityIdentity does not terminate from its previous thread and executes a new job.
access.redhat.com/errata/RHSA-2019:1106
access.redhat.com/errata/RHSA-2019:1107
access.redhat.com/errata/RHSA-2019:1108
access.redhat.com/errata/RHSA-2019:1140
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3894
github.com/wildfly/wildfly/commit/84975f8a4dd5f243c7ff5122c0d36783b116a0d7
github.com/wildfly/wildfly/pull/12159
issues.jboss.org/browse/WFLY-11846
security.netapp.com/advisory/ntap-20190517-0004/