Jboss EAP Permissions Privileges and Access Controls Vulnerability - CVE-2014-3472

The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7 as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0 does not properly check caller roles which allows remote authenticated users to bypass access restrictions via unspecified vectors.