CVE-2025-36115
📋 TL;DR
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator versions 5.2.0.00 through 5.2.0.12 fails to properly invalidate session IDs after use, allowing an authenticated user to hijack another user's session. Organizations running these versions of IBM's B2B integration software are exposed to authenticated user impersonation.
💻 Affected Systems
- IBM Sterling Connect:Express Adapter for Sterling B2B Integrator
⚠️ Risk & Real-World Impact
Worst Case
An authenticated malicious user could impersonate administrators or privileged users, potentially gaining unauthorized access to sensitive B2B data, manipulating integration workflows, or compromising the entire Sterling B2B Integrator environment.
Likely Case
Authenticated users with malicious intent could impersonate other regular users to access their data, modify their configurations, or perform actions under their identity within the B2B integration platform.
If Mitigated
With proper session management controls and monitoring, impact would be limited to detection of suspicious session activity and potential minor unauthorized access before containment.
🎯 Exploit Status
Exploitation requires authenticated access to the system. The vulnerability is in session management logic, making exploitation straightforward once an attacker has valid credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply IBM Sterling B2B Integrator 5.2.0.13 or later
Vendor Advisory: https://www.ibm.com/support/pages/node/7257244
Restart Required: Yes
Instructions:
1. Download IBM Sterling B2B Integrator 5.2.0.13 or later from IBM Fix Central.
2. Back up the current configuration and data.
3. Apply the update following IBM's installation guide.
4. Restart the Sterling B2B Integrator services.
5. Verify that the update was applied successfully.
🔧 Temporary Workarounds
Session Timeout Reduction
Reduce session timeout values to minimize the window in which session IDs remain valid after use.
Modify the session timeout settings in the Sterling B2B Integrator configuration files according to IBM documentation.
Enhanced Session Monitoring
Implement additional logging and monitoring for session creation and usage patterns.
Configure enhanced audit logging for authentication and session events in Sterling B2B Integrator.
🧯 If You Can't Patch
- Implement strict access controls and least privilege principles for all user accounts
- Deploy network segmentation to isolate Sterling B2B Integrator from other critical systems
🔍 How to Verify
Check if Vulnerable:
Check the Sterling B2B Integrator version via administrative console or configuration files. Versions 5.2.0.00 through 5.2.0.12 are vulnerable.
Check Version:
Check the version in the Sterling B2B Integrator administrative console, or examine the product version recorded in the installation directories.
Verify Fix Applied:
Verify the installed version is 5.2.0.13 or later. Test session management by logging in, logging out, and attempting to reuse the same session ID (should fail).
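The reuse test above (log in, log out, replay the same session ID) is easiest to understand against a minimal server-side session store. The following is an added example, not IBM code and not how the adapter is implemented: a toy session table whose hardened variant drops the record at logout and enforces an idle timeout (the workaround listed under Temporary Workarounds), and whose `invalidate_on_logout=False` variant models the weakness class in which logout only tells the client to discard its cookie while the server keeps the session alive. The `logout_invalidates_session` function is the verification step expressed as code; all names here are assumptions.

```python
"""Added example (not IBM code): a toy session store that shows why a session
ID must be invalidated server-side at logout, plus the page's verification step
(log in, log out, replay the same ID -> the replay must be rejected)."""
import secrets
import time
from typing import Dict, Optional


class SessionStore:
    """Minimal server-side session table keyed by session ID (assumed design)."""

    def __init__(self, idle_timeout_s: float = 900.0, invalidate_on_logout: bool = True):
        self._sessions: Dict[str, dict] = {}
        self.idle_timeout_s = idle_timeout_s
        # invalidate_on_logout=False models the weakness class: logout clears the
        # client cookie but the server-side record stays valid.
        self.invalidate_on_logout = invalidate_on_logout

    def login(self, user: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)  # fresh, unguessable ID on every login
        self._sessions[sid] = {"user": user, "last_seen": now}
        return sid

    def authenticate(self, sid: str, now: Optional[float] = None) -> Optional[str]:
        """Return the user bound to sid, or None if the ID is not (or no longer) valid."""
        now = time.time() if now is None else now
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        if now - rec["last_seen"] > self.idle_timeout_s:
            del self._sessions[sid]  # idle too long: expire and forget it
            return None
        rec["last_seen"] = now
        return rec["user"]

    def logout(self, sid: str) -> None:
        if self.invalidate_on_logout:
            self._sessions.pop(sid, None)  # hardened: the ID is dead server-side
        # vulnerable variant: nothing happens here, so the ID keeps working

    def active_sessions(self, user: str) -> int:
        """How many live session records a user holds (a log indicator on this page)."""
        return sum(1 for r in self._sessions.values() if r["user"] == user)


def logout_invalidates_session(store: SessionStore) -> bool:
    """The page's verification step: log in, log out, replay the same ID.
    True  -> replay rejected (fixed behaviour)
    False -> replay still authenticates (vulnerable behaviour)"""
    sid = store.login("alice")
    assert store.authenticate(sid) == "alice"  # sanity: ID works before logout
    store.logout(sid)
    return store.authenticate(sid) is None


def timeout_invalidates_session(store: SessionStore) -> bool:
    """Workaround check: an idle timeout bounds how long any un-invalidated ID works."""
    t0 = 1_000_000.0
    sid = store.login("bob", now=t0)
    expired = store.authenticate(sid, now=t0 + store.idle_timeout_s + 1) is None
    sid2 = store.login("carol", now=t0)
    still_valid = store.authenticate(sid2, now=t0 + store.idle_timeout_s) == "carol"
    return expired and still_valid


if __name__ == "__main__":
    print("hardened store, logout invalidates:  ", logout_invalidates_session(SessionStore()))
    print("vulnerable store, logout invalidates:", logout_invalidates_session(SessionStore(invalidate_on_logout=False)))
    print("idle timeout enforced:               ", timeout_invalidates_session(SessionStore(idle_timeout_s=60)))
```

Against a real deployment the same check is done with the product's login and logout endpoints and a captured session cookie; the outcome to look for is identical: after logout, a request carrying the old ID must be treated as unauthenticated.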
📡 Detection & Monitoring
Log Indicators:
- Multiple active sessions from same user account
- Session IDs being reused after logout
- Unusual authentication patterns or location changes
Network Indicators:
- Multiple concurrent connections using same authentication tokens
- Session cookies being transmitted after logout events
SIEM Query:
source="sterling_b2b" AND (event_type="session_reuse" OR (auth_success AND multiple_sessions) OR (user_change AND NOT password_change))
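The log indicators listed above can be turned into a small stateful detector. The following is an added example, not IBM code: it runs over constructed audit lines in an assumed `key=value` format (`event`, `user`, `sid`, `src`) and flags a session ID seen after its logout, a user holding more than one live session, a session used under a different user than it was issued to, and a live session appearing from a new source address. Sterling B2B Integrator's real audit log will need its own field mapping in `parse_line`.

```python
"""Added example (not IBM code): detector for the session-anomaly indicators
listed on this page, run over constructed log lines in an assumed format."""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample lines; the field names and layout are assumptions.
SAMPLE_LOG = """\
2025-06-01T09:00:00Z event=login user=alice sid=S1 src=10.0.0.5
2025-06-01T09:00:10Z event=request user=alice sid=S1 src=10.0.0.5
2025-06-01T09:01:00Z event=logout user=alice sid=S1 src=10.0.0.5
2025-06-01T09:02:00Z event=request user=alice sid=S1 src=10.0.0.9
2025-06-01T09:03:00Z event=login user=bob sid=S2 src=10.0.0.7
2025-06-01T09:03:30Z event=login user=bob sid=S3 src=10.0.0.8
2025-06-01T09:04:00Z event=request user=carol sid=S2 src=10.0.0.7
2025-06-01T09:05:00Z event=logout user=bob sid=S3 src=10.0.0.8
"""

_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_line(line: str) -> Dict[str, str]:
    """Split 'timestamp k=v k=v ...' into a dict; empty dict for unparseable lines."""
    m = _LINE.match(line.strip())
    if not m:
        return {}
    fields = dict(tok.split("=", 1) for tok in m.group("kv").split() if "=" in tok)
    fields["ts"] = m.group("ts")
    return fields


def detect(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (timestamp, indicator, detail) findings, in log order."""
    findings: List[Tuple[str, str, str]] = []
    live: Dict[str, Dict[str, str]] = {}   # sid -> {"user": ..., "src": ...}
    ended = set()                           # sids that have been logged out
    user_sids = defaultdict(set)            # user -> live sids
    for raw in log_text.splitlines():
        f = parse_line(raw)
        if not f or "sid" not in f:
            continue
        ts, ev, user, sid, src = f["ts"], f.get("event"), f.get("user"), f["sid"], f.get("src")
        if ev == "login":
            live[sid] = {"user": user, "src": src}
            user_sids[user].add(sid)
            if len(user_sids[user]) > 1:  # "multiple active sessions from same user account"
                findings.append((ts, "multiple_active_sessions",
                                 f"user={user} sids={sorted(user_sids[user])}"))
        elif ev == "logout":
            live.pop(sid, None)
            ended.add(sid)
            user_sids[user].discard(sid)
        else:  # any other event carrying a session ID
            if sid in ended and sid not in live:  # "session IDs being reused after logout"
                findings.append((ts, "session_reuse_after_logout",
                                 f"sid={sid} user={user} src={src}"))
                continue
            rec = live.get(sid)
            if rec is None:
                continue
            if rec["user"] != user:  # session used under an identity it was not issued to
                findings.append((ts, "user_change_on_session",
                                 f"sid={sid} issued_to={rec['user']} used_by={user}"))
            if rec["src"] != src:  # "unusual ... location changes" on a live session
                findings.append((ts, "source_change_on_session",
                                 f"sid={sid} first_src={rec['src']} now_src={src}"))
    return findings


if __name__ == "__main__":
    for ts, kind, detail in detect(SAMPLE_LOG):
        print(ts, kind, detail)
```

On the constructed sample this yields three findings: the `S1` request after its logout, bob's second concurrent login, and `S2` being used by carol. A post-logout reuse that is accepted by the server (rather than answered with a redirect to login) is the strongest signal that the session-invalidation fix is not in place.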