CVE Vulnerabilities

CVE-2014-4758

Published: Sep 04, 2014 | Modified: Aug 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal services via a callService URL.

Affected Software

Name Vendor Start Version End Version
Websphere_application_server Ibm 7.2.0.3 7.2.0.3
Websphere_application_server Ibm 7.2 7.2
Business_process_manager Ibm 8.5.0.0 8.5.0.0
Business_process_manager Ibm 7.5.0.0 7.5.0.0
Business_process_manager Ibm 8.0.1.0 8.0.1.0
Websphere_application_server Ibm 7.2.0.1 7.2.0.1
Business_process_manager Ibm 8.0.1.1 8.0.1.1
Business_process_manager Ibm 8.5.5.0 8.5.5.0
Websphere_application_server Ibm 7.2.0.2 7.2.0.2
Websphere_application_server Ibm 7.2.0.5 7.2.0.5
Business_process_manager Ibm 7.5.1.2 7.5.1.2
Business_process_manager Ibm 7.5.1.1 7.5.1.1
Business_process_manager Ibm 8.5.0.1 8.5.0.1
Business_process_manager Ibm 7.5.1.0 7.5.1.0
Business_process_manager Ibm 8.0.0.0 8.0.0.0
Business_process_manager Ibm 8.0.1.2 8.0.1.2
Business_process_manager Ibm 7.5.0.1 7.5.0.1
Websphere_application_server Ibm 7.2.0.4 7.2.0.4

References