Integration News

IBM Sterling External Authentication Server is vulnerable to Apache Commons IO

Summary
Security Bulletin:IBM Sterling External Authentication Server is vulnerable to Apache Commons IO.

Vulnerability Details
CVEID: CVE-2024-47554
Description: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
CWE: CWE-400: Uncontrolled Resource Consumption
CVSS Source: IBM X-Force
CVSS Base score: 5.3
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Remediation/Fixes

Product

Affected Version

Fixed-in Version(s)

Remediation

IBM Secure External Authentication Server

6.1.0.0 - 6.1.0.2

6.1.0.2 iFix 03

IBM Secure External Authentication Server

6.0.3.0 - 6.0.3.1

6.0.3.1 iFix 03

Workarounds and Mitigations

None.

Change History

09 Jul 2025: Initial Publication

Click the button below to download this newsletter in PDF format.

Download

 

 

home.b2b.solutions
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can offer you the best possible user experience.
Cookie information is stored in your browser and performs functions such as recognizing you when you return to our website or helping our team understand which sections of the website you find most interesting and useful.