7 matches found
CVE-2022-32549
A flaw was found in Apache Sling Commons Log. This flaw allows an attacker to benefit from the flaw and forge logs, allowing cover tracks and potentially corrupting log files...
biz.netcentric.cq.tools.accesscontroltool:minimum-environment (>=3.0.0 <=4.2.1), biz.netcentric.cq.tools.accesscontroltool:sling-minimum-version-environment (>=4.2.0 <=4.2.1) +73 more potentially affected by CVE-2022-32549 via org.apache.sling:org.apache.sling.commons.log (>=2.0.6 <=5.4.0)
org.apache.sling:org.apache.sling.commons.log MAVEN version =2.0.6, =3.0.0, =4.2.0, =5.6.2, =1.0.3, =1.0.20, =0.0.1, =0.0.1, =0.0.2, =0.0.1, =0.0.1, =0.0.1, =0.1.0 and more Source cves: CVE-2022-32549 Source advisory: OSV:GHSA-QMX3-M648-HR74...
GHSA-QMX3-M648-HR74 Log Injection in Apache Sling Commons Log and Apache Sling API
Apache Sling Commons Log = 5.4.0 and Apache Sling API = 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files...
CVE-2022-32549
Apache Sling Commons Log = 5.4.0 and Apache Sling API = 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files...
CVE-2022-32549
Apache Sling Commons Log = 5.4.0 and Apache Sling API = 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files...
CVE-2022-32549
The CVE-2022-32549 entries describe a log-injection flaw in Apache Sling Commons Log ≤ 5.4.0 and Apache Sling API ≤ 2.25.0 due to improper input validation. An attacker could forge logs to obscure activity and potentially corrupt log files. Multiple connected sources (NVD, Red Hat, CNVD, OSV, Ver...
CVE-2022-32549 log injection in Sling logging
Apache Sling Commons Log = 5.4.0 and Apache Sling API = 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files...