Integration News
IBM Sterling External Authentication Server is vulnerable due to Axios vulnerability
Summary
IBM Sterling External Authentication Server (SEAS) uses Axios, which is vulnerable to Server-side Request Forgery (SSRF).
Vulnerability Details
CVEID: CVE-2024-39338
Description: Axios is vulnerable to server-side request forgery, caused by a flaw in which requests for path-relative URLs are processed as protocol-relative URLs. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct an SSRF attack.
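The flaw class named above is a URL-resolution pitfall: a string that looks like a path ("//host/path") is a protocol-relative reference under WHATWG URL rules, so resolving it against a base URL quietly changes the host. The following is an added example, not code from IBM SEAS or from the Axios project, showing the defensive check a caller can apply before handing a URL to any HTTP client: resolve the input against the trusted base and refuse it if the origin changed. The base URL, function names and sample inputs are assumptions constructed for illustration.

```javascript
// Added example (not IBM's or Axios's code): reject caller-supplied
// references that would leave the intended origin once resolved.

const TRUSTED_BASE = 'https://api.internal.example/'; // assumed base URL

/**
 * True when `input` is a protocol-relative reference: two leading slashes
 * (backslashes count too, because the WHATWG parser normalises "\" to "/"
 * for http/https bases), optionally preceded by whitespace.
 */
function isProtocolRelative(input) {
  return /^\s*[\/\\]{2}/.test(input);
}

/**
 * Resolve `input` against `base` and return the absolute URL only if the
 * result stays on the base's origin (scheme + host + port). Throws
 * otherwise, so the caller never issues a request to an unintended host.
 */
function resolveOnSameOrigin(input, base = TRUSTED_BASE) {
  const baseUrl = new URL(base);
  const resolved = new URL(input, baseUrl); // WHATWG relative resolution
  if (resolved.origin !== baseUrl.origin) {
    throw new Error(
      `refusing ${JSON.stringify(input)}: origin changed from ` +
      `${baseUrl.origin} to ${resolved.origin}`
    );
  }
  return resolved.href;
}

/** Non-throwing wrapper that reports the decision for logging/auditing. */
function classify(input, base = TRUSTED_BASE) {
  try {
    return { allowed: true, url: resolveOnSameOrigin(input, base) };
  } catch (err) {
    return { allowed: false, reason: err.message };
  }
}

// Constructed sample inputs (not taken from any real request):
const SAMPLES = [
  '/users/42',                             // genuine path-relative: allowed
  'users/42',                              // also path-relative: allowed
  '//attacker.example/metadata',           // looks like a path, is protocol-relative
  '\\\\attacker.example/x',                // backslash variant, normalised by the parser
  'https://api.internal.example/v2/ping',  // absolute, same origin: allowed
];

/** Classify every sample; returns the decisions so they can be inspected. */
function runDemo() {
  const results = SAMPLES.map((s) => ({ input: s, ...classify(s) }));
  for (const r of results) console.log(JSON.stringify(r));
  return results;
}

runDemo();
```

The origin comparison is the important part: a prefix check alone misses variants such as the backslash form, whereas comparing `resolved.origin` against the base catches every way the parser can be steered to another host.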
CWE: Click here.
CVSS Source: CVE.org
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
Remediation/Fixes
Product | Affected Version | Fixed-in Version(s) | Remediation |
IBM Sterling External Authentication Server | 6.1.0.0 - 6.1.0.2 | 6.1.0.2 ifix 01 | |
IBM Sterling External Authentication Server | 6.1.0.0 | 6.1.0.2 GA | |
Workarounds and Mitigations
None.
