This includes feigning identities (user, application, process, etc.). An attacker could forge Messages from a Client, a Server or a Publisher so that they appear to come from an application other than the sending application or process. Spoofing can occur at multiple layers in the protocol stack.

By spoofing Messages from a Client, a Server or Publisher, attackers can perform unauthorized operations and avoid detection of their activities.

Message spoofing impacts Integrity and Authorization and, during session / SecureChannel establishment, Authentication.

See 5.1.4 for the reconciliation of this threat.