cbcvebase.
CVE-2014-4758
published 2014-09-04

CVE-2014-4758: IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access…

medium4CVSS 3.1
AVNACLAuSCNIPAN
IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal services via a callService URL.

Affected

18 ranges
VendorProductVersion rangeFixed in
ibmbusiness_process_manager
ibmbusiness_process_manager
ibmbusiness_process_manager
ibmbusiness_process_manager
ibmbusiness_process_manager
ibmbusiness_process_manager
ibmbusiness_process_manager
ibmbusiness_process_manager
ibmbusiness_process_manager
ibmbusiness_process_manager
ibmbusiness_process_manager
ibmbusiness_process_manager
ibmwebsphere_application_server
ibmwebsphere_application_server
ibmwebsphere_application_server
ibmwebsphere_application_server
ibmwebsphere_application_server
ibmwebsphere_application_server