IssueDescription: In Red Hat JBoss Enterprise Application Platform, when running under a security manager, it was possible for deployed code to get access to the Modular Service Container (MSC) service registry without any permission checks. This could allow malicious deployments to modify the internal state of the server in various ways.
Acknowledgement: This issue was discovered by Stuart Douglas of Red Hat.
This issue has been addressed in following products: Red Hat JBoss Enterprise Application Platform 6.2.1 Via RHSA-2014:0172 https://rhn.redhat.com/errata/RHSA-2014-0172.html
This issue has been addressed in following products: JBEAP 6 for RHEL 6 JBEAP 6.2 for RHEL 6 Via RHSA-2014:0171 https://rhn.redhat.com/errata/RHSA-2014-0171.html
This issue has been addressed in following products: JBEAP 6 for RHEL 5 JBEAP 6.2 for RHEL 5 Via RHSA-2014:0170 https://rhn.redhat.com/errata/RHSA-2014-0170.html
This issue has been addressed in the following products: Red Hat JBoss BPM Suite 6.0.3 Via RHSA-2014:1291 https://rhn.redhat.com/errata/RHSA-2014-1291.html
This issue has been addressed in the following products: Red Hat JBoss BRMS 6.0.3 Via RHSA-2014:1290 https://rhn.redhat.com/errata/RHSA-2014-1290.html
This issue has been addressed in the following products: JBoss Fuse Service Works 6.0.0 Via RHSA-2014:1995 https://rhn.redhat.com/errata/RHSA-2014-1995.html
This issue has been addressed in the following products: JBoss Portal 6.2.0 Via RHSA-2015:1009 https://rhn.redhat.com/errata/RHSA-2015-1009.html