CVE-2022-22976
Summary
| CVE | CVE-2022-22976 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-05-19 15:15:00 UTC |
| Updated | 2023-02-03 01:45:00 UTC |
| Description | Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE. |
Risk And Classification
Problem Types: CWE-190
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Netapp | Active Iq Unified Manager | - | All | All | All |
| Application | Oracle | Financial Services Crime And Compliance Management Studio | 8.0.8.2.0 | All | All | All |
| Application | Oracle | Financial Services Crime And Compliance Management Studio | 8.0.8.3.0 | All | All | All |
| Application | Vmware | Spring Security | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| May 2022 Spring Security Vulnerabilities in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | |
| CVE-2022-22976 \| Security \| VMware Tanzu | MISC | tanzu.vmware.com | |
| Oracle Critical Patch Update Advisory - July 2022 | N/A | www.oracle.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.