CVE-2022-22976 Vulnerability Details

  /     /     /  

CVE-2022-22976 Metadata Quick Info

CVE Published: 19/05/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: vmware | Vendor: n/a | Product: Spring Security
Status : PUBLISHED

---

CVE-2022-22976 Description

Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-190
CWE Name: CWE-190: Integer Overflow or Wraparound
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).