A missing permission check was found in the JBoss Operations Network CLI, a Java shell that allows you to connect to the JBoss ON server over the command line. An unprivileged JBoss ON user could use this flaw to perform JBoss ON management tasks and configuration changes with the privileges of the administrator user.
Statement: This issue was fixed by a patch to JBoss Operations Network 2.3.1, available for download from the Red Hat Customer Portal: https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=1983&product=em&version=2.3.1&downloadType=securityPatches