Vulnerability CVE-2021-28544

Vulnerability Name:

CVE-2021-28544 (CCN-224010)

Assigned:

2021-03-16

Published:

2022-04-12

Updated:

2023-02-11

Summary:

CVSS v3 Severity:

4.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
3.8 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2021-28544

Source: security@apache.org
Type: Mailing List, Third Party Advisory
security@apache.org

Source: XF
Type: UNKNOWN
apache-cve202128544-info-disc(224010)

Source: security@apache.org
Type: Mailing List, Third Party Advisory
security@apache.org

Source: security@apache.org
Type: Mailing List, Third Party Advisory
security@apache.org

Source: CCN
Type: oss-sec Mailing List, Tue, 12 Apr 2022 06:54:32 -0400
[SECURITY][ANNOUNCE] Apache Subversion 1.10.8 released

Source: CCN
Type: Apache Web site
Apache Subversion

Source: security@apache.org
Type: Exploit, Patch, Vendor Advisory
security@apache.org

Source: CCN
Type: Apple security document HT213345
About the security content of macOS Monterey 12.5

Source: security@apache.org
Type: Third Party Advisory
security@apache.org

Source: security@apache.org
Type: Third Party Advisory
security@apache.org

Source: CCN
Type: IBM Security Bulletin 6601531 (Tivoli Netcool/Impact)
A security vulnerability has been identified in Apache Subversion shipped with IBM Tivoli Netcool Impact (CVE-2021-28544)

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:apache:subversion:1.10.0:*:*:*:*:*:*:*

OR cpe:/a:apache:subversion:1.14.1:*:*:*:*:*:*:*

AND

cpe:/a:ibm:tivoli_netcool/impact:7.1.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8066	P	subversion-bash-completion-1.14.1-150400.3.8 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7811	P	subversion-1.14.1-150400.3.8 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:3429	P	apache-commons-httpclient-3.1-4.364 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3529	P	jakarta-commons-fileupload-1.1.1-122.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3205	P	libltdl7-2.4.2-17.4.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95159	P	subversion-server-1.14.1-150400.3.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94835	P	subversion-1.14.1-150400.3.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95059	P	subversion-bash-completion-1.14.1-150400.3.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:5229	P	Security update for subversion (Important)	2022-05-02
oval:org.opensuse.security:def:118867	P	Security update for subversion (Important)	2022-04-12
oval:org.opensuse.security:def:101585	P	Security update for subversion (Important)	2022-04-12
oval:org.opensuse.security:def:119549	P	Security update for subversion (Important)	2022-04-12
oval:org.opensuse.security:def:1154	P	Security update for subversion (Important)	2022-04-12
oval:org.opensuse.security:def:119057	P	Security update for subversion (Important)	2022-04-12
oval:org.opensuse.security:def:101832	P	Security update for subversion (Important)	2022-04-12
oval:org.opensuse.security:def:1657	P	Security update for subversion (Important)	2022-04-12
oval:org.opensuse.security:def:119174	P	Security update for subversion (Important)	2022-04-12
oval:org.opensuse.security:def:102233	P	Security update for subversion (Important)	2022-04-12
oval:org.opensuse.security:def:118677	P	Security update for subversion (Important)	2022-04-12
oval:org.opensuse.security:def:119364	P	Security update for subversion (Important)	2022-04-12
oval:org.opensuse.security:def:854	P	Security update for subversion (Important)	2022-04-12

BACK