CVE-2022-22976
Published: 19 May 2022
Summary
CVE-2022-22976 is a medium-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Vmware Spring Security. Its CVSS base score is 5.3 (Medium).
Operationally, ranked in the top 41.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-5665
Vulnerability details
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due…
more
to an integer overflow error. The default settings are not affected by this CVE.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.