CVE-2022-32549 — MEDIUM (5.3)

Q: How severe is CVE-2022-32549?

CVE-2022-32549 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-32549?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Sling Api, Apache Sling Commons Log.

Vulnerability Description

Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Apache	Sling Api	<= 2.25.0
Apache	Sling Commons Log	<= 5.4.0

Related Weaknesses (CWE)

CWE-117 CWE-116

References

https://lists.apache.org/thread/7z6h3806mwcov5kx6l96pq839sn0po1vMailing ListVendor Advisory
https://lists.apache.org/thread/7z6h3806mwcov5kx6l96pq839sn0po1vMailing ListVendor Advisory

FAQ

What is CVE-2022-32549?

CVE-2022-32549 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially...

How severe is CVE-2022-32549?

CVE-2022-32549 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-32549?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Sling Api, Apache Sling Commons Log.