CVE-2025-36115

Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.

CVSS 6.3 MEDIUMEPSS 0.1%CWE-384

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Produtos afetados

IBM · Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.ibm.com/support/pages/node/7257244