An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges.

An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies