It was found that JBoss Fuse would allow any user defined in the users.properties file to access the HawtIO console without having a valid admin role. This could allow a remote attacker to bypass the intended authentication restrictions on HawtIO console access.
Acknowledgements: This issue was reported by Jay Kumar SenSharma of Red Hat.
This issue has been addressed in the following products:
  Red Hat JBoss A-MQ 6.2.0
Via RHSA-2015:1177 https://rhn.redhat.com/errata/RHSA-2015-1177.html
This issue has been addressed in the following products:
  Red Hat JBoss Fuse 6.2.0
Via RHSA-2015:1176 https://rhn.redhat.com/errata/RHSA-2015-1176.html