CVE-2022-22976

EPSS 2.1% · CWE-190
Vexday Risk Score
3 (Low)
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS · EPSS 2.1% · KEV: no · PoC · Nuclei · Metasploit · Patch
Lifecycle
19 May 2022: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.
Affected products
n/a · Spring Security