Home > Vulnerability Database > CVE-2022-22976

Mend.io Vulnerability Database

CVE-2022-22976

Good to know:

Date: May 19, 2022

Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.

Language: Java

Severity Score

5.3

Related Resources (5)

Url: https://tanzu.vmware.com/security/cve-2022-22976

Url: https://security.netapp.com/advisory/ntap-20220707-0003/

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-22976

Url: https://www.oracle.com/security-alerts/cpujul2022.html

Url: https://www.mend.io/vulnerability-database/CVE-2022-22976

Severity Score

5.3

Weakness Type (CWE)

Integer Overflow or Wraparound

CWE-190

Top Fix

Upgrade Version

Upgrade to version org.springframework.security:spring-security-crypto:5.5.7,5.6.4

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2022-22976

Good to know:

Date: May 19, 2022

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?