Red Hat Jboss Enterprise Application Platform vulnerabilities

CVE-2012-5626 [HIGH] CVE-2012-5626: EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss O EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation.

CVE-2016-7066 [HIGH] CWE-266 CVE-2016-7066: It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Applic It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations.