Access Restriction Bypass in IBM Business Process Manager and WebSphere Lombardi Edition
CVE-2014-4758

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Application Server; Business Process Manager
Vendor: CVE Published:; 4 September 2014

Summary

IBM Business Process Manager and WebSphere Lombardi Edition suffer from a vulnerability that enables remote authenticated users to bypass access restrictions. This allows unauthorized access to internal services through malicious requests sent via callService URLs. This flaw poses a significant risk to the security integrity of deployed applications, highlighting the need for immediate review and patching of affected systems.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1JR50215

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg21680795

x_refsource_CONFIRM

http://secunia.com/advisories/60851

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Sep 4, 2014
Vulnerability Reserved
Jul 9, 2014