History: Jan 03, 2023 - 3:19 p.m.

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2022-38712)

2023-01-03 15:19:35
www.ibm.com
ibm
websphere application server
soapaction spoofing
tivoli system automation application manager
security bulletin
cve-2022-38712

CVSS3: 5.9

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.001
Percentile: 26.3%

Summary

IBM WebSphere Application Server, as used by IBM Tivoli System Automation Application Manager, is vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests. The required fixes for the affected WebSphere Application Server have been published in the security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Products and Versions

Affected Product(s) | Version(s)
IBM Tivoli System Automation Application Manager | 4.1

Remediation/Fixes

Principal Product and Version(s) | Affected Supporting Product and Version | Affected Supporting Product Security Bulletin
IBM Tivoli System Automation Application Manager 4.1 | WebSphere Application Server 8.5 | Security Bulletin: IBM WebSphere Application Server is vulnerable to SOAPAction spoofing (CVE-2022-38712)
IBM Tivoli System Automation Application Manager 4.1 | WebSphere Application Server 9.0 | Security Bulletin: IBM WebSphere Application Server is vulnerable to SOAPAction spoofing (CVE-2022-38712)

Workarounds and Mitigations

None

Affected configurations

Vulners Node: ibm tivoli_system_automation_application_manager, Match 4.1
