CVE-2014-4758

medium

Description

IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.x allow remote authenticated users to bypass intended access restrictions and send requests to internal services via a callService URL.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/94485

http://www-01.ibm.com/support/docview.wss?uid=swg21680795

http://www-01.ibm.com/support/docview.wss?uid=swg1JR50215

http://secunia.com/advisories/60851

Details

Source: Mitre, NVD

Published: 2014-09-04

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Severity: Medium

EPSS

EPSS: 0.00202