CVE Vulnerabilities

CVE-2014-4758

Published: Sep 04, 2014 | Modified: Apr 12, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
root.io minimus.io echohq.com

IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal services via a callService URL.

Affected Software

Name Vendor Start Version End Version
Business_process_manager Ibm 7.5.0.0 (including) 7.5.0.0 (including)
Business_process_manager Ibm 7.5.0.1 (including) 7.5.0.1 (including)
Business_process_manager Ibm 7.5.1.0 (including) 7.5.1.0 (including)
Business_process_manager Ibm 7.5.1.1 (including) 7.5.1.1 (including)
Business_process_manager Ibm 7.5.1.2 (including) 7.5.1.2 (including)
Business_process_manager Ibm 8.0.0.0 (including) 8.0.0.0 (including)
Business_process_manager Ibm 8.0.1.0 (including) 8.0.1.0 (including)
Business_process_manager Ibm 8.0.1.1 (including) 8.0.1.1 (including)
Business_process_manager Ibm 8.0.1.2 (including) 8.0.1.2 (including)
Business_process_manager Ibm 8.5.0.0 (including) 8.5.0.0 (including)
Business_process_manager Ibm 8.5.0.1 (including) 8.5.0.1 (including)
Business_process_manager Ibm 8.5.5.0 (including) 8.5.5.0 (including)
Websphere_application_server Ibm 7.2 (including) 7.2 (including)
Websphere_application_server Ibm 7.2.0.1 (including) 7.2.0.1 (including)
Websphere_application_server Ibm 7.2.0.2 (including) 7.2.0.2 (including)
Websphere_application_server Ibm 7.2.0.3 (including) 7.2.0.3 (including)
Websphere_application_server Ibm 7.2.0.4 (including) 7.2.0.4 (including)
Websphere_application_server Ibm 7.2.0.5 (including) 7.2.0.5 (including)

References