CVE-2022-32549
22.06.2022, 15:15
Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| apache | sling_api | 𝑥 ≤ 2.25.0 |
| apache | sling_commons_log | 𝑥 ≤ 5.4.0 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| apache | sling | 𝑥 ≤ 2.25.0 | CNA |
| apache | sling | 𝑥 ≤ 5.4.0 | CNA |
Common Weakness Enumeration
- CWE-117 - Improper Output Neutralization for LogsThe software does not neutralize or incorrectly neutralizes output that is written to logs.
- CWE-116 - Improper Encoding or Escaping of OutputThe software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.