6 matches found
CVE-2022-32549
A flaw was found in Apache Sling Commons Log. This flaw allows an attacker to benefit from the flaw and forge logs, allowing cover tracks and potentially corrupting log files...
biz.netcentric.cq.tools.accesscontroltool:minimum-environment (>=3.0.0 <=4.2.1), biz.netcentric.cq.tools.accesscontroltool:sling-minimum-version-environment (>=4.2.0 <=4.2.1) +73 more potentially affected by CVE-2022-32549 via org.apache.sling:org.apache.sling.commons.log (>=2.0.6 <=5.4.0)
org.apache.sling:org.apache.sling.commons.log MAVEN version =2.0.6, =3.0.0, =4.2.0, =5.6.2, =1.0.3, =1.0.20, =0.0.1, =0.0.1, =0.0.2, =0.0.1, =0.0.1, =0.0.1, =0.1.0 and more Source cves: CVE-2022-32549 Source advisory: OSV:GHSA-QMX3-M648-HR74...
biz.netcentric.cq.tools.accesscontroltool:accesscontroltool-bundle (>=3.6.0 <=4.2.1), biz.netcentric.cq.tools.accesscontroltool:maximum-environment (>=2.5.4 <=3.6.2) +440 more potentially affected by CVE-2022-32549 via org.apache.sling:org.apache.sling.api (>=2.0.2-incubator <=2.25.0)
org.apache.sling:org.apache.sling.api MAVEN version =2.0.2-incubator, =3.6.0, =2.5.4, =3.0.0, =4.2.0, =1.0.0, =1.0.0, =0.0.1, =0.1.0, =2012.12.01, =2012.12.01, =0.0.4, =4.0.4 - com.adobe.aem:aem-sdk-api =2020.6.3800.20200626T210738Z-200604 - com.adobe.commerce.cif:core-cif-components-it-http =1.2...
CVE-2022-32549 log injection in Sling logging
Apache Sling Commons Log = 5.4.0 and Apache Sling API = 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files...
CVE-2022-32549
The CVE-2022-32549 entries describe a log-injection flaw in Apache Sling Commons Log ≤ 5.4.0 and Apache Sling API ≤ 2.25.0 due to improper input validation. An attacker could forge logs to obscure activity and potentially corrupt log files. Multiple connected sources (NVD, Red Hat, CNVD, OSV, Ver...
CVE-2022-32549 log injection in Sling logging
Apache Sling Commons Log = 5.4.0 and Apache Sling API = 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files...