IBM Business Process Manager and WebSphere CVE-2014-4758 Security Bypass Vulnerability

Bugtraq ID:	69540
Class:	Access Validation Error
CVE:	CVE-2014-4758
Remote:	Yes
Local:	No
Published:	Aug 29 2014 12:00AM
Updated:	Aug 29 2014 12:00AM
Credit:	IBM
Vulnerable:	IBM WebSphere Lombardi Edition 7.2.0 IBM Business Process Manager Standard 8.5.5 IBM Business Process Manager Standard 8.5.0.1 IBM Business Process Manager Standard 8.5.0 IBM Business Process Manager Standard 8.0 IBM Business Process Manager Standard 7.5.0 IBM Business Process Manager Express 8.5.5 IBM Business Process Manager Express 8.5.0.1 IBM Business Process Manager Express 8.5.0 IBM Business Process Manager Express 8.0.0 IBM Business Process Manager Express 7.5.0 IBM Business Process Manager Advanced 8.5.5 IBM Business Process Manager Advanced 8.5 IBM Business Process Manager Advanced 8.5.0.1 IBM Business Process Manager Advanced 8.0.1.2 IBM Business Process Manager Advanced 8.0.1.1 IBM Business Process Manager Advanced 8.0.0 IBM Business Process Manager Advanced 8.0 IBM Business Process Manager Advanced 7.5.1.2 IBM Business Process Manager Advanced 7.5.1.1 IBM Business Process Manager Advanced 7.5.0
Not Vulnerable:

IBM Business Process Manager and WebSphere CVE-2014-4758 Security Bypass Vulnerability

IBM Business Process Manager and WebSphere Lombardi Edition are prone to a security-bypass vulnerability.

An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks.

IBM Business Process Manager and WebSphere CVE-2014-4758 Security Bypass Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.