IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. IBM X-Force ID: 114714.
https://exchange.xforce.ibmcloud.com/vulnerabilities/114714
http://www.securitytracker.com/id/1038615