IBMAEBC6B062684A52BE5BB279AC89E44C3B0362EB68FC3B23565E3D4A3BBACC6A2Security Bulletin: Insufficient authorization check for project actions in WebSphere Lombardi Edition (CVE-2014-4844)
EPSS
Percentile
55.9%
Summary
By using WebSphere Lomabrdi Edition (WLE) you can import and export process applications and toolkits. Although this functionality is available only to authorized users, the actual server side code accepts requests from lower privileged users.
Vulnerability Details
CVE ID:CVE-2014-4844
CVSS Base Score: 6.0
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95724> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P)
WebSphere Lombardi Edition allows importing and exporting process applications and toolkits. While this functionality is only available to authorized users in the user interface, the actual server side code accepts requests from lower privileged users.
Affected Products and Versions
-
- WebSphere Lombardi Edition 7.2
If you are using an earlier unsupported release, IBM strongly recommends to upgrade.
Remediation/Fixes
Install the interim fix for APAR JR51286 as appropriate for your current WebSphere Lombardi Edition version.
* [WebSphere Lombardi Edition](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Lombardi+Edition&release=All&platform=All&function=aparId&apars=JR51286>)
Workarounds and Mitigations
None.
Related
EPSS
Percentile
55.9%