CVE-2014-4758
IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal services via a callService URL.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0020 (0.2%)
Percentil: 42.0%
EPSS: 2026-05-06
Afecta
ibm:business_process_manageribm:websphere_application_serverDescripción técnica
IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal services via a callService URL.
Publicada: 4/9/2014, 10:55:07
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://secunia.com/advisories/60851
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR50215
- http://www-01.ibm.com/support/docview.wss?uid=swg21680795
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94485
- http://secunia.com/advisories/60851
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR50215
- http://www-01.ibm.com/support/docview.wss?uid=swg21680795
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94485