exploitDog

CVE-2025-36115

Опубликовано: 20 янв. 2026

Источник: nvd

CVSS3: 6.3

CVSS3: 6.5

EPSS Низкий

Описание

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.

Ссылки

https://www.ibm.com/support/pages/node/7257244
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ibm:sterling_connect\:express_adapter_for_sterling_b2b_integrator:*:*:*:*:*:*:*:*

Версия от 5.2.0.00 (включая) до 5.2.0.13 (исключая)

EPSS

Процентиль: 9%

0.00034

Низкий

6.3 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-384

Связанные уязвимости

GHSA-pqhf-8hv3-ccc7

CVSS3: 6.3

github

18 дней назад

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.

EPSS

Процентиль: 9%

0.00034

Низкий

6.3 Medium

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-384