CVE-2025-36115

Summary

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.

Affected Software

VendorProductVersion RangeStatus
IBMSterling Connect:Express Adapter for Sterling B2B Integrator 5.2.05.2.0.00 <= 5.2.0.12affected

Weaknesses

  • CWE-384: CWE-384 Session Fixation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References