IBM WebSphere Application Server is vulnerable to SOAPAction spoofing when processing JAX-WS Web Services requests.This has been addressed.
CVEID: CVE-2022-38712[1]
DESCRIPTION: IBM WebSphere Application
Server Web services could allow a man-in-the-middle attacker to
conduct SOAPAction spoofing to execute unwanted or unauthorized
operations.
CVSS Base score:5.9
CVSS Temporal Score:See:https://exchange.xforce.ibmcloud.com/vulnerabilities/234762[2]
for the current score.
...