Lucene search

K
cve[email protected]CVE-2022-31157
HistoryJul 15, 2022 - 6:15 p.m.

CVE-2022-31157

2022-07-1518:15:08
CWE-327
CWE-330
web.nvd.nist.gov
45
4
cve-2022-31157
lti 1.3 tool library
php
nonce generation
vulnerability
security patch
upgrade

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

31.8%

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to version 5.0 to receive a patch. There are currently no known workarounds.

Affected configurations

Vulners
NVD
Node
packbackbookslti_1_3_php_libraryRange<5.0

CNA Affected

[
  {
    "product": "lti-1-3-php-library",
    "vendor": "packbackbooks",
    "versions": [
      {
        "status": "affected",
        "version": "< 5.0"
      }
    ]
  }
]

Social References

More

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

31.8%

Related for CVE-2022-31157