Man-in-the-Middle Vulnerability in IBM WebSphere Application Server
CVE-2022-38712

5.9MEDIUM

Key Information:

Vendor: IBM
Status: IBM Websphere Application Server
Vendor: CVE Published:; 3 November 2022

Summary

A vulnerability exists in IBM WebSphere Application Server versions 7.0, 8.0, 8.5, and 9.0 that could enable a man-in-the-middle attacker to exploit SOAPAction spoofing. This exploitation could result in unauthorized operations being executed, potentially compromising the security and integrity of the application and its data. It is essential for users to review their security protocols and ensure that appropriate measures are taken to mitigate this risk.

Affected Version(s)

IBM WebSphere Application Server "7.0, 8.0, 8.5, and 9.0"

References

https://www.ibm.com/support/pages/node/6829907

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 3, 2022
Vulnerability Reserved
Aug 23, 2022