Lucene search
K

27 matches found

RedhatCVE
RedhatCVE
added 2026/01/21 3:27 p.m.7 views

CVE-2025-36115

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system...

6.5CVSS5.5AI score0.00135EPSS
Exploits0References1
OSV
OSV
added 2026/01/20 4:16 p.m.6 views

CVE-2025-36066

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadi...

6.1CVSS5.4AI score0.00172EPSS
Exploits0References1
OSV
OSV
added 2026/01/20 4:16 p.m.4 views

CVE-2025-36115

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system...

6.5CVSS5.8AI score0.00135EPSS
Exploits0References1
NVD
NVD
added 2026/01/20 4:16 p.m.6 views

CVE-2025-36113

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

5.4CVSS0.00144EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/20 3:18 p.m.4 views

CVE-2025-36115 Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system...

6.3CVSS5.5AI score0.00135EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/20 3:18 p.m.19 views

CVE-2025-36115 Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system...

6.3CVSS0.00135EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/20 3:15 p.m.5 views

CVE-2025-36113 Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

5.4CVSS5.1AI score0.00144EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/20 3:14 p.m.15 views

CVE-2025-36066 Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadi...

6.1CVSS0.00172EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/20 3:14 p.m.6 views

CVE-2025-36066 Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadi...

6.1CVSS5.1AI score0.00172EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/20 3:14 p.m.4 views

CVE-2025-36066

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadi...

6.1CVSS5AI score0.00172EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/01/20 3:12 p.m.12 views

CVE-2025-36065

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 (5.2.0.00–5.2.0.12) has a session management flaw: it does not invalidate the user session after a browser closure, enabling an authenticated user to impersonate another user. The issue is classed under Insufficient Session Ex...

6.5CVSS5.5AI score0.00158EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/01/20 3:10 p.m.11 views

CVE-2025-36063

The vulnerability CVE-2025-36063 affects IBM Sterling Connect:Express Adapter for Sterling B2B Integrator, version 5.2.0.00–5.2.0.12. The root cause is that the adapter does not invalidate the user session after logout, potentially allowing an authenticated user to impersonate another user in the...

6.5CVSS5.5AI score0.00145EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.5 views

IBM Sterling Connect: Express Adapter for Sterling Cross-Site Script Vulnerability

IBM Sterling Connect: Express Adapter for Sterling is a communication adapter developed by the American multinational company International Business Machines IBM. The versions 5.2.0.00 to 5.2.0.12 of IBM Sterling Connect: Express Adapter for Sterling contain cross-site scripting vulnerabilities...

5.4CVSS5.8AI score0.00144EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.6 views

IBM Sterling Connect: Express Adapter for Sterling code issue and vulnerability

IBM Sterling Connect:Express Adapter for Sterling is a communication adapter developed by the American multinational company International Business Machines IBM. There are code-related vulnerabilities in IBM Sterling Connect:Express Adapter for Sterling. These vulnerabilities stem from the failur...

6.5CVSS5.8AI score0.00158EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.6 views

IBM Sterling Connect: Express Adapter for Sterling Cross-Site Script Vulnerability

IBM Sterling Connect: Express Adapter for Sterling is a communication adapter developed by the American multinational company International Business Machines IBM. The versions 5.2.0.00 to 5.2.0.12 of IBM Sterling Connect: Express Adapter for Sterling contain cross-site scripting vulnerabilities...

6.1CVSS5.8AI score0.00172EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.8 views

PT-2026-3590

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

5.4CVSS5.1AI score0.00144EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/16 2:26 p.m.8 views

Security Bulletin: Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.

Summary Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX. These vulnerabilities are specifically found in the Sterling Connect:Express Adapter for Sterling B2B Integrator. The Web interface is delivered with this product as an additional component of the services...

6.5CVSS6.3AI score0.00172EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-30769

Malicious code in bioql PyPI...

5.9CVSS6.6AI score0.00475EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/24 6:31 p.m.4 views

CVE-2025-36064

IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials...

5.9CVSS6.6AI score0.00475EPSS
Exploits0References1
OSV
OSV
added 2025/09/22 7:15 p.m.2 views

CVE-2025-36064

IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials...

5.9CVSS5.8AI score0.00475EPSS
Exploits0References1
Rows per page
Query Builder