CVE-2014-4758

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Application Server; Business Process Manager
Vendor: CVE Published:; 4 September 2014

Summary

IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal services via a callService URL.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1JR50215

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg21680795

x_refsource_CONFIRM

http://secunia.com/advisories/60851

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Sep 4, 2014
Vulnerability Reserved
Jul 9, 2014