CVE-2022-22976 Vulnerability Analysis & Exploit Details

CVE-2022-22976 Vulnerability Summary

CVE-2022-22976: Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.

Exploit Prediction Scoring System (EPSS)

The EPSS score estimates the probability that this vulnerability will be exploited in the near future.

EPSS Score: 0.131% (probability of exploit)

EPSS Percentile: 49.55% (lower percentile = lower relative risk)
This vulnerability is less risky than approximately 50.45% of others.

CVE-2022-22976 References

External References

• https://security.netapp.com/advisory/ntap-20220707-0003/
• https://tanzu.vmware.com/security/cve-2022-22976
• https://www.oracle.com/security-alerts/cpujul2022.html
• https://security.netapp.com/advisory/ntap-20220707-0003/
• https://tanzu.vmware.com/security/cve-2022-22976
• https://www.oracle.com/security-alerts/cpujul2022.html

CWE Common Weakness Enumeration

CAPEC Common Attack Pattern Enumeration and Classification

• Forced Integer Overflow CAPEC-92 This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Vulnerable Configurations

• cpe:2.3:a:vmware:spring_security:5.2.1:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.2.1:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.2.2:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.2.2:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.2.3:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.2.3:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.2.4:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.2.4:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.2.5:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.2.5:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.2.6:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.2.6:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.2.7:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.2.7:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.2.8:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.2.8:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.2.9:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.2.9:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.2.10:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.2.10:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.2.11:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.2.11:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.3.0:-:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.3.0:-:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.3.0:rc1:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.3.0:rc1:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.3.0:milestone1:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.3.0:milestone1:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.3.1:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.3.1:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.3.2:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.3.2:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.3.3:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.3.3:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.3.4:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.3.4:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.3.5:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.3.5:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.3.6:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.3.6:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.3.7:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.3.7:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.3.8:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.3.8:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.3.9:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.3.9:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.3.10:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.3.10:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.4.0:-:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.4.0:-:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.4.0:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.4.0:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.4.0:rc1:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.4.0:rc1:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.4.0:milestone1:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.4.0:milestone1:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.4.0:milestone2:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.4.0:milestone2:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.4.1:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.4.1:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.4.2:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.4.2:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.4.3:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.4.3:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.4.4:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.4.4:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.4.5:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.4.5:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.4.6:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.4.6:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.4.7:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.4.7:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.4.8:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.4.8:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.4.9:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.4.9:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.4.10:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.4.10:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.4.11:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.4.11:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.5.0:-:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.5.0:-:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.5.0:rc1:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.5.0:rc1:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.5.0:rc2:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.5.0:rc2:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.5.0:milestone1:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.5.0:milestone1:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.5.0:milestone2:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.5.0:milestone2:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.5.0:milestone3:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.5.0:milestone3:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.5.1:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.5.1:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.5.2:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.5.2:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.5.3:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.5.3:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.5.4:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.5.4:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.5.5:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.5.5:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.5.6:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.5.6:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.6.0:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.6.0:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.6.1:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.6.1:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.6.2:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.6.2:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.6.3:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.6.3:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_security:5.2.0:-:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_security:5.2.0:-:*:*:*:*:*:*
• cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*
• cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*
• cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
  cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
• cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
  cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
• cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
  cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*

Other 5 Recently Published CVEs Vulnerabilities

• CVE-2025-3103 – The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress is vulnerable to arbitrary file ...
• CVE-2025-3275 – The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider widget in all versions up...
• CVE-2025-1457 – The Element Pack Addons for Elementor – Free Templates and Widgets for Your WordPress Websites plugin for WordPress is vulnerable to Stored Cross-S...
• CVE-2025-1093 – The AIHub theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the generate_image function in all ver...
• CVE-2025-3284 – The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Cross-Site Reques...