Skip main navigation (Press Enter).

TechXchange Training Community Credentials Events Conference

TechXchange Training Community Credentials Events Conference

Cloud Pak for Business Automation

Cloud Pak for Business Automation

Come for answers. Stay for best practices. All we’re missing is you.

View Only

Back to discussions

Expand all | Collapse all

Missing Access control

1. Missing Access control

Like
Mohamed Sobhy
Posted Mon September 22, 2025 05:17 PM

Reply
we have security issue ( request Interception)

security team using Burp Suite tool to intercept the request while call DB and can access the payload and change parameters value

Any recommendation for this issue

How to Test for It

Intercept the request of submit the request using tools like Burp Suite or Postman

Tamper with API requests

POST /rest/bpm/wle/v1/coachflow/service/1.f44338c6-11f2-44eb-a8d5-ab9447d6ed44?modelID=1.1a5fdee9-dfa2-4977-94ef-16c6f3e8ddf7&callActivityID=2025.1db0d5cf-1037-41e0-8619-f0573d0cc616&branchId=2063.7ebb6b21-2319-4260-83d7-ac5d7ee2086e

"creatorFullName":"Mohamed Sobhy",

"creatorIDNumber":"1111111111",

"creatorAgency":"AAAAAAAAA",

Check the request , you will find the request after change.

------------------------------
Mohamed Sobhy
------------------------------

Additional
Resources

Discover these carefully selected resources to dive deeper into your journey and unlock fresh insights

Office

If you need immediate assistance please contact the Community Management team

support@communitysite.ibm.com

Monday - Friday: 8AM - 5 PM MT

Powered by Higher Logic

Global message icon