Vulnerability Description
IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal services via a callService URL.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | Business Process Manager | 7.5.0.0 |
| IBM | WebSphere Application Server | 7.2 |
References
- http://secunia.com/advisories/60851
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR50215
- http://www-01.ibm.com/support/docview.wss?uid=swg21680795 (Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94485
FAQ
What is CVE-2014-4758?
CVE-2014-4758 is a vulnerability with a CVSS score of 4.0 (MEDIUM). IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal servic...
How severe is CVE-2014-4758?
CVE-2014-4758 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-4758?
Check the references section above for vendor advisories and patch information. Affected products include: IBM Business Process Manager, IBM WebSphere Application Server.