JBoss Application Server

Red Hat disclosed a remote code execution vulnerability affecting JBoss Application Server versions 4.0 and prior—which are end-of-life and unsupported—that could allow a remote threat actor to execute code in the context of the application. If the user has elevated privileges, a threat actor could install programs; view, change, or delete data; or create accounts with administrative rights. The NJCCIC recommends users and administrators upgrade to JBoss EAP 7 and apply the principle of least privilege to user accounts.