If elevated access rights are assigned to EJB methods, then an attacker can take advantage of the permissions to exploit the software system.