CVE-2014-4758 Information

Description

IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal services via a callService URL.

Reference

http://secunia.com/advisories/60851 http://www-01.ibm.com/support/docview.wss?uid=swg1JR50215 http://www-01.ibm.com/support/docview.wss?uid=swg21680795 https://exchange.xforce.ibmcloud.com/vulnerabilities/94485