CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
36.6%
IBM WebSphere Application Server is vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests. This has been addressed.
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Product(s) | Version(s) |
---|---|
Jazz for Service Management | 1.1.3 |
Principal Product and Version(s) | Affected Supporting Product and Version | Affected Supporting Product Security Bulletin |
---|---|---|
Jazz for Service Management version 1.1.3.7 - 1.1.3.16 | Websphere Application Server Full Profile 9.0 |
Jazz for Service Management version 1.1.3- 1.1.3.14|
Websphere Application Server Full Profile 8.5.5
None
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
36.6%