CVE-2025-36115

Published: Jan 20, 2026Modified: Feb 3, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.

Affected (1)

Products: Ibm: Sterling Connect\

Ibm

1 product

Sterling Connect\

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ibm Sterling Connect\	From 5.2.0.00 to 5.2.0.13

Related CWEs

CWE-384

Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

References (1)

https://www.ibm.com/support/pages/node/7257244

Source: psirt@us.ibm.com

Vendor Advisory

Timeline

No history available yet.