Multiple vulnerabilities in VMware Spring Security
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2022-22975 CVE-2022-22976 CVE-2022-22978 |
| CWE-ID | CWE-285 CWE-190 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. |
| Vulnerable software Subscribe |
Spring Security Server applications / Frameworks for developing and running applications |
| Vendor | VMware, Inc |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
Updated: 17.05.2022
Added vulnerability #2-3.
1) Improper Authorization
EUVDB-ID: #VU63301
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22975
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists due to an authorization bypass issue in RegexRequestMatcher. A remote attacker can bypass RegexRequestMatcher on some servlet containers.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSpring Security: 5.5.0 - 5.6.3
External linkshttp://github.com/vmware-tanzu/pinniped/security/advisories/GHSA-hvrf-5hhv-4348
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Integer overflow
EUVDB-ID: #VU63342
Risk: Low
CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-22976
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in BCrypt class with the maximum work factor (31) for BCryptPasswordEncoder. The encoder does not perform any salt rounds, which weakens encryption capabilities of the software.
Install updates from vendor's website.
Vulnerable software versionsSpring Security: 5.0.0 - 5.6.3
External linkshttp://tanzu.vmware.com/security/cve-2022-22976
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Improper Authorization
EUVDB-ID: #VU63345
Risk: High
CVSSv3.1: 7.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-22978
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to bypass authorization process.
The vulnerability exists due to input validation error when processing untrusted input in applications that are using RegexRequestMatcher with `.` in the regular expression. A remote non-authenticated attacker can bypass authorization checks.
Install updates from vendor's website.
Vulnerable software versionsSpring Security: 5.0.0 - 5.6.3
External linkshttp://tanzu.vmware.com/security/cve-2022-22978
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
