IBM Security Bulletin: Missing access restriction on service types in IBM Business Process Manager (BPM) and WebSphere Lombardi Edition (CVE-2014-4758)
|
Información sobre el sistema
|
|
|
Software afectado |
IBM |
Descripción
|
When invoking a service using the callService URL, there is no access restriction based on the service type and services that were meant for internal use only are available for authenticated users. CVE(s): CVE-2014-4758 Affected product(s) and affected version(s): IBM Business Process Manager Standard V7.5.x, 8.0.x 8.5.x IBM Business Process Manager Express V7.5.x, 8.0.x 8.5.x IBM Business Process Manager Advanced V7.5.x, 8.0.x 8.5.x IBM WebSphere Lombardi Edition V7.2.x Refer to
More info:
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_missing_access_restriction_on_service_types_in_ibm_business_process_manager_bpm_and_websphere_lombardi_edition_cve_2014_47581?lang=en_us |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2014-4758 ,CVE-2014-4263 ,CVE-2014-4244 ,CVE-2014-4759 and CVE-2014-3075. |