{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-36115", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-04-15T21:16:17.124Z", "datePublished": "2026-01-20T15:18:17.680Z", "dateUpdated": "2026-01-20T15:51:47.539Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.00:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.12:*:*:*:*:*:*:*"], "product": "Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0", "vendor": "IBM", "versions": [{"lessThanOrEqual": "5.2.0.12", "status": "affected", "version": "5.2.0.00", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.</p>"}], "value": "IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-384", "description": "CWE-384 Session Fixation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-01-20T15:18:17.680Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7257244"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><table><tbody><tr><td>Affected Product(s)</td><td>Fixed in release</td><td>Instructions</td></tr><tr><td>Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0</td><td>5.2.0.13</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&amp;product=ibm/Other+software/Sterling+Connect%3AExpress+Adapter+for+Sterling+B2B+Integrator&amp;release=5.2.0.13&amp;platform=All&amp;function=all\">IBM Support: Fix Central - Select fixes</a><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=5.2.0.13-Other-software-Sterling-Connect.Express.Adapter.for.Sterling.B2B.Integrator-fp0013&amp;continue=1\"></a></td></tr></tbody></table>&nbsp;</div>"}], "value": "Affected Product(s)Fixed in releaseInstructionsSterling Connect:Express Adapter for Sterling B2B Integrator 5.2.05.2.0.13 IBM Support: Fix Central - Select fixes https://www.ibm.com/support/fixcentral/swg/selectFixes https://www.ibm.com/support/fixcentral/swg/doSelectFixes"}], "title": "Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.", "x_generator": {"engine": "ibm-cvegen"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-20T15:51:26.339222Z", "id": "CVE-2025-36115", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-20T15:51:47.539Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-36115", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-20T15:51:26.339222Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-20T15:51:39.611Z"}}], "cna": {"title": "Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.00:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:sterling_connectexpress_adapter_for_sterling_b2b_integrator_520:5.2.0.12:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0", "versions": [{"status": "affected", "version": "5.2.0.00", "versionType": "semver", "lessThanOrEqual": "5.2.0.12"}]}], "solutions": [{"lang": "en", "value": "Affected Product(s)Fixed in releaseInstructionsSterling Connect:Express Adapter for Sterling B2B Integrator 5.2.05.2.0.13 IBM Support: Fix Central - Select fixes https://www.ibm.com/support/fixcentral/swg/selectFixes https://www.ibm.com/support/fixcentral/swg/doSelectFixes", "supportingMedia": [{"type": "text/html", "value": "<div><table><tbody><tr><td>Affected Product(s)</td><td>Fixed in release</td><td>Instructions</td></tr><tr><td>Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0</td><td>5.2.0.13</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&amp;product=ibm/Other+software/Sterling+Connect%3AExpress+Adapter+for+Sterling+B2B+Integrator&amp;release=5.2.0.13&amp;platform=All&amp;function=all\">IBM Support: Fix Central - Select fixes</a><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=5.2.0.13-Other-software-Sterling-Connect.Express.Adapter.for.Sterling.B2B.Integrator-fp0013&amp;continue=1\"></a></td></tr></tbody></table>&nbsp;</div>", "base64": false}]}], "references": [{"url": "https://www.ibm.com/support/pages/node/7257244", "tags": ["vendor-advisory", "patch"]}], "x_generator": {"engine": "ibm-cvegen"}, "descriptions": [{"lang": "en", "value": "IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.", "supportingMedia": [{"type": "text/html", "value": "<p>IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-384", "description": "CWE-384 Session Fixation"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2026-01-20T15:18:17.680Z"}}}, "cveMetadata": {"cveId": "CVE-2025-36115", "state": "PUBLISHED", "dateUpdated": "2026-01-20T15:51:47.539Z", "dateReserved": "2025-04-15T21:16:17.124Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2026-01-20T15:18:17.680Z", "assignerShortName": "ibm"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:sterling_connect\\:express_adapter_for_sterling_b2b_integrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FAC986A-388C-48CB-9717-817B108C98F7", "versionEndExcluding": "5.2.0.13", "versionStartIncluding": "5.2.0.00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system."}], "id": "CVE-2025-36115", "lastModified": "2026-02-03T21:56:33.937", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-01-20T16:16:03.703", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7257244"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-384"}], "source": "psirt@us.ibm.com", "type": "Primary"}]}

{}

{}