2 matches found
PT-2022-13484 · Red Hat · Elytron +2
Name of the Vulnerable Software and Affected Versions: JBoss EAP versions 7.1.0 and later WildFly versions 11 and later when Elytron is enabled Description: This issue is related to a concurrency problem that can cause the wrong caller principal to be returned from the session context of an EJB...
Security: Invalid EJB caller role check implementation
It was found that the isCallerInRole method of the SimpleSecurityManager did not correctly check caller roles. A remote, authenticated attacker could use this flaw to circumvent the caller check in applications that use black list access control based on caller roles...