CVE-2025-36115

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-36115

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-36115.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-36115

Published

2026-01-20T16:16:03.703Z

Modified

2026-03-12T20:19:52.650700Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.

References

https://www.ibm.com/support/pages/node/7257244

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "5.2.0.00"
            },
            {
                "fixed": "5.2.0.13"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-36115.json"