66 matches found
PicketLink: PicketLink IDP ignores role based authorization
A flaw was found in the PicketLink Identity Provider Configuration IDP where, under specific conditions, the IDP ignores role-based authorization. This could lead to an authenticated user being able to access application resources that are not permitted for a given role...
PicketLink: PicketLink IDP ignores role based authorization
A flaw was found in the PicketLink Identity Provider Configuration IDP where, under specific conditions, the IDP ignores role-based authorization. This could lead to an authenticated user being able to access application resources that are not permitted for a given role...
PT-2013-1686
Name of the Vulnerable Software and Affected Versions JBoss Enterprise Application Platform versions prior to 6.0.1 Description The issue prevents the application of JACC permissions for Enterprise Java Beans EJB access when using role-based authorization, allowing remote attackers to obtain...
JBoss Enterprise Application Platform: JBoss EAP: JBEAP: JBoss Enterprise Application Platform: Unauthorized EJB access via authorization module bypass
A flaw was found in JBoss Enterprise Application Platform. When role-based authorization is used for Enterprise Java Beans EJB access, the system does not correctly call the necessary authorization modules. This prevents Java Authorization Contract for Containers JACC permissions from being...
Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 6.0.1 update
JBoss Enterprise Application Platform 6.0.1, which fixes multiple security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring...
JBoss Enterprise Application Platform: JBoss EAP: JBEAP: JBoss Enterprise Application Platform: Unauthorized EJB access via authorization module bypass
A flaw was found in JBoss Enterprise Application Platform. When role-based authorization is used for Enterprise Java Beans EJB access, the system does not correctly call the necessary authorization modules. This prevents Java Authorization Contract for Containers JACC permissions from being...