It was found that the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread-safe. For a specific WSRP endpoint, under high concurrency or when SOAP messages take a long time to process, an unauthenticated remote attacker could obtain privileged information if WS-Security is enabled for the WSRP Consumer and the endpoint in question is being used by a privileged user.
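The class of bug described above, as an added illustration (this is not gatein-wsrp code and does not reproduce the real GTNSubjectCreatingInterceptor; the interceptor classes, the Subject type, the WS-Security message shape and the two requests are all constructed for the example): a single interceptor instance that parks the per-request Subject in an instance field between "authenticate" and "run as subject", forced into the interleaving where an unauthenticated request stalls while a privileged request passes through, beside a thread-local variant that keeps each request's Subject on its own thread.

```python
import threading
from dataclasses import dataclass


@dataclass(frozen=True)
class Subject:
    """Stand-in for a JAAS-style Subject (constructed for this example)."""
    user: str
    roles: frozenset


ANONYMOUS = Subject("anonymous", frozenset())


def subject_from_message(message):
    """Build the Subject for one request from its WS-Security header, if any.
    The message is a plain dict here; the real header format is not modelled."""
    creds = message.get("ws_security")
    if creds is None:
        return ANONYMOUS
    return Subject(creds["user"], frozenset(creds["roles"]))


class SharedFieldInterceptor:
    """Unsafe pattern: one interceptor instance serves every request, and the
    per-request Subject is stored in an instance field between two phases."""

    def __init__(self):
        self.subject = ANONYMOUS

    def handle_message(self, message, slow_hook=None):
        self.subject = subject_from_message(message)   # phase 1: authenticate
        if slow_hook is not None:
            slow_hook()                                # simulated slow SOAP processing
        return self.subject                            # phase 2: run as "the" Subject


class ThreadLocalInterceptor:
    """Safe pattern: same two phases, but the Subject lives in thread-local
    storage (storing it as a property of the message itself works equally well)."""

    def __init__(self):
        self._local = threading.local()

    def handle_message(self, message, slow_hook=None):
        self._local.subject = subject_from_message(message)
        if slow_hook is not None:
            slow_hook()
        return self._local.subject


# Constructed sample requests: one carrying WS-Security credentials, one without.
PRIVILEGED_REQUEST = {"ws_security": {"user": "admin", "roles": ["administrators"]}}
ANONYMOUS_REQUEST = {}


def run_race(interceptor):
    """Force the interleaving deterministically: the anonymous request
    authenticates and stalls, the privileged request is processed to completion
    on another thread, then the anonymous request resumes and reads the Subject.
    Returns (user seen by the privileged request, user seen by the anonymous one)."""
    anon_paused = threading.Event()
    anon_resume = threading.Event()
    result = {}

    def stall():
        anon_paused.set()
        anon_resume.wait()

    def anon_worker():
        result["anon"] = interceptor.handle_message(ANONYMOUS_REQUEST, slow_hook=stall)

    worker = threading.Thread(target=anon_worker)
    worker.start()
    anon_paused.wait()
    result["priv"] = interceptor.handle_message(PRIVILEGED_REQUEST)
    anon_resume.set()
    worker.join()
    return result["priv"].user, result["anon"].user


if __name__ == "__main__":
    # The shared-field interceptor lets the unauthenticated request finish as admin.
    print("shared field :", run_race(SharedFieldInterceptor()))    # ('admin', 'admin')
    print("thread-local :", run_race(ThreadLocalInterceptor()))    # ('admin', 'anonymous')
```

The stall hook stands in for the long-running SOAP processing mentioned in the description; in production the same window opens whenever the two phases of the interceptor are separated by any blocking work, which is why per-request state belongs on the message or in thread-local storage rather than on a shared interceptor instance.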
I would like to propose unembargoing this issue and making it public, as it is low severity. If there is a significant reason to leave this issue embargoed, please let me know.
This issue has been addressed in the following products:
JBoss Portal 6.2.0
Via RHSA-2015:1009 https://rhn.redhat.com/errata/RHSA-2015-1009.html