CVE-2025-36063
📋 TL;DR
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator does not invalidate the server-side session when a user logs out, so a session token issued before logout stays usable afterwards. An authenticated attacker who has obtained another user's old token can replay it and act as that user. This affects organizations running IBM Sterling B2B Integrator 5.2.0 with the Connect:Express Adapter component.
💻 Affected Systems
- IBM Sterling Connect:Express Adapter for Sterling B2B Integrator
⚠️ Risk & Real-World Impact
Worst Case
An authenticated malicious user who holds a token from another user's session replays it after that user logs out, gaining that user's access to sensitive B2B integration data and potentially performing unauthorized transactions or data modifications under the victim's identity.
Likely Case
An authenticated user with malicious intent keeps using a victim's session after the victim has logged out, reading data the attacker's own account is not permitted to view.
If Mitigated
With short session timeouts, a cap on concurrent sessions per user and monitoring for session reuse in place, the window in which a stale token can be replayed is narrowed, any reuse is limited to the privileges of the impersonated account, and the event should be visible in logs.
🎯 Exploit Status
Exploitation requires an authenticated account on the system and possession of another user's session token that was issued before that user logged out (for example, a token left in a shared browser, captured in transit, or recovered from logs or a proxy). No public exploit is referenced in the vendor advisory linked below.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.2.0.13 or later
Vendor Advisory: https://www.ibm.com/support/pages/node/7257244
Restart Required: Yes
Instructions:
1. Download the latest fix pack from IBM Fix Central.
2. Apply the fix pack following IBM's installation instructions.
3. Restart the Sterling B2B Integrator services.
4. Verify the version is now 5.2.0.13 or higher.
🔧 Temporary Workarounds
Session Timeout Reduction
Reduce session timeout values to shorten the window in which a stale token can be replayed after logout. Configure the session timeout in the Sterling B2B Integrator configuration files.
Force Logout Implementation
Add explicit server-side session invalidation to the logout procedure, so that the session record (not only the client-side cookie) is destroyed when a user logs out.
🧯 If You Can't Patch
- Implement strict access controls and monitoring for authenticated sessions
- Deploy a web application firewall or reverse proxy in front of the adapter that enforces a maximum session-cookie age and rejects a cookie presented from a different client IP address or User-Agent than the one it was issued to. This narrows reuse but does not fix the server-side invalidation defect.
🔍 How to Verify
Check if Vulnerable:
Any IBM Sterling B2B Integrator 5.2.0 installation running the Connect:Express Adapter below 5.2.0.13 should be treated as vulnerable.
Check Version:
Check the installed version in the Sterling B2B Integrator administration console or in the configuration files.
Verify Fix Applied:
Confirm the version is 5.2.0.13 or higher, then test logout behaviour directly: log in with a test account, record the session cookie, log out, and replay a request with the recorded cookie. A request that is still served as authenticated means sessions are not being invalidated.
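The logout test from the last step, as an added example (not IBM's code or test procedure): it logs in, records every cookie the server sets, logs out, and replays a request with the pre-logout cookie. The login, logout and probe paths and the form field names are placeholders; substitute the endpoints of your Sterling B2B Integrator dashboard. The mock server in the block is constructed so the script can be exercised offline and does not model the real product.

```python
"""Replay-after-logout check for a web session (added example, not IBM code).

Paths and form fields are assumptions; the mock server is a constructed
stand-in for the vulnerable and the fixed behaviour, not the real product.
"""
import secrets
import threading
import urllib.error
import urllib.parse
import urllib.request
from http import cookies
from http.server import BaseHTTPRequestHandler, HTTPServer


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """A 3xx to the login page must count as 'session rejected', so never follow it."""
    def redirect_request(self, *args, **kwargs):
        return None


def _open(url, data=None, cookie=None):
    """Perform one request and return the response object or the HTTPError (both carry .code)."""
    headers = {"Cookie": cookie} if cookie else {}
    req = urllib.request.Request(url, data=data, headers=headers)
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        return opener.open(req, timeout=10)
    except urllib.error.HTTPError as err:
        return err


def session_survives_logout(base_url, login_path="/login", logout_path="/logout",
                            probe_path="/account", username="alice", password="pw"):
    """Return True when a cookie issued before logout still reaches an authenticated page.

    login_path/logout_path/probe_path and the form field names are placeholders (assumptions).
    """
    form = urllib.parse.urlencode({"username": username, "password": password}).encode()
    login = _open(base_url + login_path, data=form)
    # Keep every cookie the server set; real deployments may issue more than one.
    issued = "; ".join(h.split(";", 1)[0] for h in login.headers.get_all("Set-Cookie") or [])
    if not issued:
        raise RuntimeError("login did not set a session cookie")
    _open(base_url + logout_path, cookie=issued)          # log out with the live session
    replay = _open(base_url + probe_path, cookie=issued)  # replay the pre-logout cookie
    return replay.code == 200


def start_mock(invalidate_on_logout):
    """Constructed mock: False reproduces the defect, True the expected fixed behaviour."""
    live = set()  # session tokens the mock currently accepts

    class Handler(BaseHTTPRequestHandler):
        def log_message(self, *_):  # keep the self-test quiet
            pass

        def _token(self):
            jar = cookies.SimpleCookie(self.headers.get("Cookie", ""))
            return jar["SESSION"].value if "SESSION" in jar else None

        def _reply(self, code, extra=None):
            self.send_response(code)
            for name, value in (extra or {}).items():
                self.send_header(name, value)
            self.send_header("Content-Length", "0")
            self.end_headers()

        def do_POST(self):  # /login: any credentials are accepted by the mock
            self.rfile.read(int(self.headers.get("Content-Length", 0)))
            token = secrets.token_hex(8)
            live.add(token)
            self._reply(200, {"Set-Cookie": f"SESSION={token}; Path=/; HttpOnly"})

        def do_GET(self):
            token = self._token()
            if self.path == "/logout":
                if invalidate_on_logout:
                    live.discard(token)  # the fixed behaviour: server-side record destroyed
                self._reply(302, {"Location": "/login"})
            elif token in live:
                self._reply(200)         # authenticated page
            else:
                self._reply(302, {"Location": "/login"})

    srv = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_port}"


if __name__ == "__main__":
    for fixed in (False, True):
        srv, url = start_mock(invalidate_on_logout=fixed)
        print(f"invalidates on logout={fixed}: replay still authenticated -> "
              f"{session_survives_logout(url)}")
        srv.shutdown()
```

Against a real instance, call session_survives_logout with the base URL and the correct paths from a test account, never a production user's account. A 200 on the replayed request after logout means the fix is not in effect; a 401/403 or a redirect to the login page means the session was invalidated. The check deliberately sends the cookie as a raw header rather than through a cookie jar, because the point is to replay exactly the token the server issued before logout.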
📡 Detection & Monitoring
Log Indicators:
- Multiple active sessions for same user ID
- Session reuse after logout events
- Unusual access patterns from same session token
Network Indicators:
- Session tokens being reused across different IP addresses
- Multiple concurrent sessions with same credentials
SIEM Query (illustrative; the source and field names are placeholders to map onto your actual log schema, and the correlation that matters is a request carrying a session ID that already appeared in an earlier logout event):
source="sterling_b2b" AND (event="session_reuse" OR (event="logout" AND session_active>0))
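The log-side correlation behind the first two log indicators, as an added example (not part of the page or of any IBM tooling): it reads events in a constructed JSON-lines format, remembers which session IDs have been logged out and which source address each was issued to, and flags any later request that presents a logged-out session ID or arrives from a different address. Sterling B2B Integrator's real audit log fields differ; map them onto the event, user, session and src keys used here.

```python
"""Session-reuse-after-logout detector over constructed JSON-lines audit events.

Added example, not IBM code. The log format is constructed; the real
Sterling B2B Integrator field names must be mapped onto these keys.
Events are assumed to arrive in chronological order.
"""
import json

# Constructed sample: alice logs out at 09:10, yet her session S1 is used again
# at 09:12 from a different source address. bob's activity is benign.
SAMPLE_LOG = """\
{"ts":"2025-06-01T09:00:00Z","event":"login","user":"alice","session":"S1","src":"10.0.0.5"}
{"ts":"2025-06-01T09:05:00Z","event":"request","user":"alice","session":"S1","src":"10.0.0.5","path":"/mailbox"}
{"ts":"2025-06-01T09:10:00Z","event":"logout","user":"alice","session":"S1","src":"10.0.0.5"}
{"ts":"2025-06-01T09:12:00Z","event":"request","user":"alice","session":"S1","src":"10.0.0.9","path":"/mailbox"}
{"ts":"2025-06-01T09:15:00Z","event":"login","user":"bob","session":"S2","src":"10.0.0.7"}
{"ts":"2025-06-01T09:16:00Z","event":"request","user":"bob","session":"S2","src":"10.0.0.7","path":"/admin"}
"""


def find_session_reuse(lines):
    """Return findings for requests that reuse a logged-out session or change source IP."""
    logged_out = {}  # session id -> (user, logout timestamp)
    origin_ip = {}   # session id -> source address the session was issued to
    findings = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        ev = json.loads(raw)
        sid = ev["session"]
        if ev["event"] == "login":
            origin_ip[sid] = ev["src"]
        elif ev["event"] == "logout":
            logged_out[sid] = (ev["user"], ev["ts"])
        elif ev["event"] == "request":
            if sid in logged_out:  # the core indicator for this CVE
                user, when = logged_out[sid]
                findings.append({"rule": "reuse_after_logout", "session": sid, "user": user,
                                 "logged_out_at": when, "seen_at": ev["ts"], "src": ev["src"]})
            if sid in origin_ip and origin_ip[sid] != ev["src"]:
                findings.append({"rule": "ip_change", "session": sid, "user": ev["user"],
                                 "issued_to": origin_ip[sid], "seen_from": ev["src"],
                                 "seen_at": ev["ts"]})
    return findings


if __name__ == "__main__":
    for finding in find_session_reuse(SAMPLE_LOG.splitlines()):
        print(json.dumps(finding))
```

The reuse_after_logout rule is the one that directly evidences this defect: a request arriving with a session identifier that the application itself recorded as logged out should not be possible on a fixed system. The ip_change rule is a weaker corroborating signal, since legitimate clients behind changing NAT addresses or VPN reconnects also trigger it.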