CVE-2025-36115

MEDIUM

IBM Sterling Connect:Express Adapter - Privilege Escalation

Title source: llm
STIX 2.1

Description

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory patch
https://www.ibm.com/support/pages/node/7257244

Scores

CVSS v3 6.3
EPSS 0.0014
EPSS Percentile 3.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-384
Status published
Products (1)
ibm/sterling_connect\ 5.2.0.00 - 5.2.0.13
Published Jan 20, 2026
Tracked Since Feb 18, 2026