Security Bulletin: A security vulnerability has been identified in Apache Subversion shipped with IBM Tivoli Netcool Impact (CVE-2022-24070)


## Summary Apache Subversion is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting Apache Subversion has been published in a security bulletin. ## Vulnerability Details ** CVEID: **[CVE-2022-24070](<https://vulners.com/cve/CVE-2022-24070>) ** DESCRIPTION: **Apache Subversion is vulnerable to a denial of service, caused by a use-after free when looking up path-based authorization rules by the mod_dav_svn Apache HTTPD module. By sending a specially crafted request, a remote attacker could exploit this vulnerability to crash the HTTPD worker process. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224188](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224188>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ## Affected Products and Versions Affected Product(s)| Version(s) ---|--- IBM Tivoli Netcool Impact| 7.1.0 ## Remediation/Fixes Product| VRMF| APAR| Remediation ---|---|---|--- IBM Tivoli Netcool Impact 7.1.0|| IJ39754| Upgrade to [IBM Tivoli Netcool Impact 7.1.0 FP26](<https://www.ibm.com/support/pages/node/6587919> "IBM Tivoli Netcool Impact 7.1.0 FP26" ) ## Workarounds and Mitigations None ##

Affected Software

CPE Name Name Version
tivoli netcool/impact 7.1.0