Integration News

IBM Sterling External Authentication Server is vuulnerable due to path-to-regexp

Summary
IBM Sterling External Authentication Server uses the npm path-to-regexp, which is vulnerable to CVE-2024-45296.

Vulnerability Details
CVEID: CVE-2024-45296
Description: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0.
CWE: CWE-1333: Inefficient Regular Expression Complexity
CVSS Source: CVE.org
CVSS Base score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Remediation/Fixes

Product

Affected Version

Fixed-in Version(s)

Remediation

IBM Sterling External Authentication Server

6.1.0.0 - 6.1.0.2

6.1.0.2 iFix 03

Workarounds and Mitigations

None.

Change History

09 Jul 2025: Initial Publication

Click the button below to download this newsletter in PDF format.

Download
home.b2b.solutions
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can offer you the best possible user experience.
Cookie information is stored in your browser and performs functions such as recognizing you when you return to our website or helping our team understand which sections of the website you find most interesting and useful.