High
Apache TomEE could allow a remote attacker to bypass security restrictions, caused by a misconfiguring issue when configured with the embedded ActiveMQ broker. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain access to TCP port 1099 without authentication.
Security Bypass
Apache Tomcat
Upgrade to the latest version of TomEE (7.0.9, 7.1.4, 8.0.4 or later).