Lucene search

K
nvd[email protected]NVD:CVE-2022-31157
HistoryJul 15, 2022 - 6:15 p.m.

CVE-2022-31157

2022-07-1518:15:08
CWE-330
CWE-327
web.nvd.nist.gov
cve-2022-31157
lti 1.3 tool library
php
cryptographic vulnerability
upgrade

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

31.8%

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to version 5.0 to receive a patch. There are currently no known workarounds.

Affected configurations

NVD
Node
packbacklti_1.3_tool_libraryRange<5.0.0

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

31.8%

Related for NVD:CVE-2022-31157