IBM WebSphere Portal 8.5.0 before CF08 allows remote malicious users to bypass intended access restrictions via a crafted request.
ibm websphere portal 8.5.0.0