Published: 19/05/2022 Updated: 03/02/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 385

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Spring Security versions 5.5.x before 5.5.7, 5.6.x before 5.6.4, and previous versions unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.

Vulnerable Product	Search on Vulmon	Subscribe to Product
vmware spring security
oracle financial services crime and compliance management studio 8.0.8.2.0
oracle financial services crime and compliance management studio 8.0.8.3.0
netapp active iq unified manager -

Synopsis Important: jenkins and jenkins-2-plugins security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for ...

Synopsis Important: Red Hat Fuse 7110 release and security update Type/Severity Security Advisory: Important Topic A minor version update (from 710 to 711) is now available for Red Hat Fuse The purpose of this text-only errata is to inform you about the security issues fixed in this releaseRed Hat Product Security has rated this update ...

CWE-190 https://tanzu.vmware.com/security/cve-2022-22976 https://security.netapp.com/advisory/ntap-20220707-0003/https://www.oracle.com/security-alerts/cpujul2022.html https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2023:3663

CVE-2022-22976

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect