Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2022/06/30 5:56 p.m.58 views

CVE-2022-32549

A flaw was found in Apache Sling Commons Log. This flaw allows an attacker to benefit from the flaw and forge logs, allowing cover tracks and potentially corrupting log files...

5.3CVSS3.9AI score0.02273EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2022/06/23 12:0 a.m.3 views

biz.netcentric.cq.tools.accesscontroltool:minimum-environment (>=3.0.0 <=4.2.1), biz.netcentric.cq.tools.accesscontroltool:sling-minimum-version-environment (>=4.2.0 <=4.2.1) +73 more potentially affected by CVE-2022-32549 via org.apache.sling:org.apache.sling.commons.log (>=2.0.6 <=5.4.0)

org.apache.sling:org.apache.sling.commons.log MAVEN version =2.0.6, =3.0.0, =4.2.0, =5.6.2, =1.0.3, =1.0.20, =0.0.1, =0.0.1, =0.0.2, =0.0.1, =0.0.1, =0.0.1, =0.1.0 and more Source cves: CVE-2022-32549 Source advisory: OSV:GHSA-QMX3-M648-HR74...

5.3CVSS5.9AI score0.02273EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/06/23 12:0 a.m.7 views

biz.netcentric.cq.tools.accesscontroltool:accesscontroltool-bundle (>=3.6.0 <=4.2.1), biz.netcentric.cq.tools.accesscontroltool:maximum-environment (>=2.5.4 <=3.6.2) +440 more potentially affected by CVE-2022-32549 via org.apache.sling:org.apache.sling.api (>=2.0.2-incubator <=2.25.0)

org.apache.sling:org.apache.sling.api MAVEN version =2.0.2-incubator, =3.6.0, =2.5.4, =3.0.0, =4.2.0, =1.0.0, =1.0.0, =0.0.1, =0.1.0, =2012.12.01, =2012.12.01, =0.0.4, =4.0.4 - com.adobe.aem:aem-sdk-api =2020.6.3800.20200626T210738Z-200604 - com.adobe.commerce.cif:core-cif-components-it-http =1.2...

5.3CVSS5.9AI score0.02273EPSS
Exploits0
Cvelist
Cvelist
added 2022/06/22 2:25 p.m.17 views

CVE-2022-32549 log injection in Sling logging

Apache Sling Commons Log = 5.4.0 and Apache Sling API = 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files...

5.8AI score0.02273EPSS
Exploits0References1
CVE
CVE
added 2022/06/22 2:25 p.m.517 views

CVE-2022-32549

The CVE-2022-32549 entries describe a log-injection flaw in Apache Sling Commons Log ≤ 5.4.0 and Apache Sling API ≤ 2.25.0 due to improper input validation. An attacker could forge logs to obscure activity and potentially corrupt log files. Multiple connected sources (NVD, Red Hat, CNVD, OSV, Ver...

5.3CVSS5.4AI score0.02273EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2022/06/22 2:25 p.m.17 views

CVE-2022-32549 log injection in Sling logging

Apache Sling Commons Log = 5.4.0 and Apache Sling API = 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files...

5.3CVSS6.1AI score0.02273EPSS
Exploits0References3
Rows per page
Query Builder