LY Corporation: Insufficient access control on all BCRM instances leading to the ability to create admin accounts using the API

BCRM is a service that helps manage and analyze your LINE Official Account, and provide useful insights. Due to insufficient access control checks in the /admins API endpoint, it was possible for an attacker to create admin accounts. These accounts are "super"-admin accounts meant for internal us...