Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.

6.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Description

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.

Basic Information

ID CVE-2025-36115

Source ibm

Published Jan 20, 2026 at 15:18

Affected Product

Vendor IBM

Product Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0

Version 5.2.0.00

Affected Versions IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00

CWE Classification

CWE-384

References

www.ibm.com /support/pages/node/7257244

{
    "lastseen": "",
    "description": "IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.",
    "published": "2026-01-20T15:18:17.680Z",
    "modified": "2026-01-20T15:18:17.680Z",
    "type": "cve",
    "title": "Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.",
    "source": "ibm",
    "references": "https://www.ibm.com/support/pages/node/7257244",
    "id": "CVE-2025-36115",
    "bulletinFamily": "",
    "cwe": [
        "CWE-384"
    ],
    "cvelist": null,
    "sourceData": "IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0",
    "version": "5.2.0.00",
    "vendor": "IBM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX._CVE-2025-36115