Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests (CVE-2022-38712)

Summary IBM App Connect Enterprise and IBM Integration Bus are vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests CVE-2022-38712. The fix includes the IBM Websphere Application Server APAR PH49111 Vulnerability Details CVEID:CVE-2022-38712 DESCRIPTION: IBM WebSphere...

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to SOAPAction spoofing (CVE-2022-38712)

Summary IBM WebSphere Application Server is vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests. This has been addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...

Security Bulletin: IBM Security Verify Governance, Identity Manager virtual appliance component vulnerable to spoofing attacks (CVE-2022-38712)

Summary IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the following vulnerability. Vulnerability Details CVEID:CVE-2022-38712 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server traditional shipped with IBM Operations Analytics Predictive Insights (CVE-2022-38712)

Summary Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about WebSphere Application Server vulnerability CVE-2020-35282 to spoofing when processing JAX-WS Web Services requests has been published. Vulnerability Details Refer ...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2022-38712)

Summary IBM WebSphere Application Server used by IBM Tivoli System Automation Application Manager is vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests. Required fixes for affected WebSphere Application Server has been published in the security bulletin. Vulnerability...

Security Bulletin: WebSphere Application Server is vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests which affects Content Collector for Email

Summary WebSphere Application Server is vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests. Vulnerability Details CVEID:CVE-2022-38712 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct...

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics Installed WebSphere Application Server is vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests (CVE-2022-38712)

Summary The security issue described in CVE-2022-38712 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2022-38712)

Summary Websphere Application Server WAS is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details CVEID:CVE-2022-38712 DESCRIPTION: IBM WebSphere Application Server 7.0, 8....

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2022-38712)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2022-38712)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management

Summary IBM InfoSphere Master Data Management is affected by IBM WebSphere Application Server which is vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests Vulnerability Details CVEID:CVE-2022-38712 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web...

Security Bulletin: WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to SOAPAction spoofing (CVE-2022-38712)

Summary IBM Security Access Manager for Enterprise Single Sign-On includes IBM WebSphere Application Server. IBM WebSphere Application Server is vulnerable to SOAPAction spoofing CVE-2022-38712 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2022-38712)

Summary WebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed...

CVE-2022-38712

"IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID: 234762."...

Security Bulletin: IBM WebSphere Application Server, which is bundled in IBM Cloud Pak for Applications, is vulnerable to SOAPAction spoofing (CVE-2022-38712)

Summary IBM WebSphere Application Server, which is bundled in IBM Cloud Pak for Applications, is vulnerable to SOAPAction spoofing CVE-2022-38712 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and...

CVE-2022-38712

CVE-2022-38712 affects IBM WebSphere Application Server 7.0–9.0 Web services, where a MITM attacker could spoof SOAPAction on JAX-WS web services to execute unwanted or unauthorized operations. The known base score is 5.9 (I:H, A:N) with network attack vector and no user interaction. IBM product ...

Security Bulletin: Vulnerability identified in IBM WebSphere Application Server shipped with IBM WebSphere Service Registry and Repository (CVE-2022-38712)

Summary IBM WebSphere Application Server is shipped as a component of IBM WebSphere Service Registry and Repository. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2022-38712)

Summary IBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2022-38712)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2022-38712)

Summary IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...