Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2022/06/30 5:56 p.m.58 views

CVE-2022-32549

A flaw was found in Apache Sling Commons Log. This flaw allows an attacker to benefit from the flaw and forge logs, allowing cover tracks and potentially corrupting log files...

5.3CVSS3.9AI score0.0222EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2022/06/23 12:0 a.m.2 views

biz.netcentric.cq.tools.accesscontroltool:minimum-environment (>=3.0.0 <=4.2.1), biz.netcentric.cq.tools.accesscontroltool:sling-minimum-version-environment (>=4.2.0 <=4.2.1) +73 more potentially affected by CVE-2022-32549 via org.apache.sling:org.apache.sling.commons.log (>=2.0.6 <=5.4.0)

org.apache.sling:org.apache.sling.commons.log MAVEN version =2.0.6, =3.0.0, =4.2.0, =5.6.2, =1.0.3, =1.0.20, =0.0.1, =0.0.1, =0.0.2, =0.0.1, =0.0.1, =0.0.1, =0.1.0 and more Source cves: CVE-2022-32549 Source advisory: OSV:GHSA-QMX3-M648-HR74...

5.3CVSS5.9AI score0.0222EPSS
Exploits0
OSV
OSV
added 2022/06/23 12:0 a.m.4 views

GHSA-QMX3-M648-HR74 Log Injection in Apache Sling Commons Log and Apache Sling API

Apache Sling Commons Log = 5.4.0 and Apache Sling API = 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files...

5.3CVSS5.9AI score0.0222EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/06/22 3:15 p.m.7 views

CVE-2022-32549

Apache Sling Commons Log = 5.4.0 and Apache Sling API = 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files...

5.3CVSS6.1AI score0.0222EPSS
Exploits0References2
NVD
NVD
added 2022/06/22 3:15 p.m.17 views

CVE-2022-32549

Apache Sling Commons Log = 5.4.0 and Apache Sling API = 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files...

5.3CVSS0.0222EPSS
Exploits0References1
CVE
CVE
added 2022/06/22 2:25 p.m.516 views

CVE-2022-32549

The CVE-2022-32549 entries describe a log-injection flaw in Apache Sling Commons Log ≤ 5.4.0 and Apache Sling API ≤ 2.25.0 due to improper input validation. An attacker could forge logs to obscure activity and potentially corrupt log files. Multiple connected sources (NVD, Red Hat, CNVD, OSV, Ver...

5.3CVSS5.4AI score0.0222EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2022/06/22 2:25 p.m.17 views

CVE-2022-32549 log injection in Sling logging

Apache Sling Commons Log = 5.4.0 and Apache Sling API = 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files...

5.8AI score0.0222EPSS
Exploits0References1
Rows per page
Query Builder