CVE-2025-36115

Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.

CVSS 6.3 MEDIUMEPSS 0.1%CWE-384

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Productos afectados

IBM · Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.ibm.com/support/pages/node/7257244