27 matches found
CVE-2025-36115
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system...
CVE-2025-36066
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadi...
CVE-2025-36115
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system...
CVE-2025-36113
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...
CVE-2025-36115 Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system...
CVE-2025-36115 Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system...
CVE-2025-36113 Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...
CVE-2025-36066 Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadi...
CVE-2025-36066 Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadi...
CVE-2025-36066
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadi...
CVE-2025-36065
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 (5.2.0.00–5.2.0.12) has a session management flaw: it does not invalidate the user session after a browser closure, enabling an authenticated user to impersonate another user. The issue is classed under Insufficient Session Ex...
CVE-2025-36063
The vulnerability CVE-2025-36063 affects IBM Sterling Connect:Express Adapter for Sterling B2B Integrator, version 5.2.0.00–5.2.0.12. The root cause is that the adapter does not invalidate the user session after logout, potentially allowing an authenticated user to impersonate another user in the...
IBM Sterling Connect: Express Adapter for Sterling Cross-Site Script Vulnerability
IBM Sterling Connect: Express Adapter for Sterling is a communication adapter developed by the American multinational company International Business Machines IBM. The versions 5.2.0.00 to 5.2.0.12 of IBM Sterling Connect: Express Adapter for Sterling contain cross-site scripting vulnerabilities...
IBM Sterling Connect: Express Adapter for Sterling code issue and vulnerability
IBM Sterling Connect:Express Adapter for Sterling is a communication adapter developed by the American multinational company International Business Machines IBM. There are code-related vulnerabilities in IBM Sterling Connect:Express Adapter for Sterling. These vulnerabilities stem from the failur...
IBM Sterling Connect: Express Adapter for Sterling Cross-Site Script Vulnerability
IBM Sterling Connect: Express Adapter for Sterling is a communication adapter developed by the American multinational company International Business Machines IBM. The versions 5.2.0.00 to 5.2.0.12 of IBM Sterling Connect: Express Adapter for Sterling contain cross-site scripting vulnerabilities...
PT-2026-3590
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...
Security Bulletin: Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.
Summary Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX. These vulnerabilities are specifically found in the Sterling Connect:Express Adapter for Sterling B2B Integrator. The Web interface is delivered with this product as an additional component of the services...
EUVD-2025-30769
Malicious code in bioql PyPI...
CVE-2025-36064
IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials...
CVE-2025-36064
IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials...