CVE-2014-4758

Sažetak

IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal services via a callService URL.

Reference

http://secunia.com/advisories/60851
http://www-01.ibm.com/support/docview.wss?uid=swg1JR50215
http://www-01.ibm.com/support/docview.wss?uid=swg21680795
https://exchange.xforce.ibmcloud.com/vulnerabilities/94485

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

29-08-2017 - 01:35

Objavljeno

04-09-2014 - 10:55