Apache Isis is an Apache Foundation framework for rapid development of domain-driven applications in Java. Apache Isis is vulnerable to an authorization issue that stems from the ability of the h2 webconsole module (in the Accessible Prototype menu) to automatically provide direct queries to the database when running in prototype mode. An attacker could exploit this vulnerability to obtain sensitive information.