Vulnerability Details CVE-2016-0321
IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.9%
CVSS Severity
CVSS v3 Score 6.2
CVSS v2 Score 2.1
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT12006
- http://www-01.ibm.com/support/docview.wss?uid=swg21981692
- http://www.securityfocus.com/bid/91751
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT12006
- http://www-01.ibm.com/support/docview.wss?uid=swg21981692
- http://www.securityfocus.com/bid/91751
Products affected by CVE-2016-0321
-
cpe:2.3:a:ibm:personal_communications:12.0.0
-
cpe:2.3:a:ibm:personal_communications:6.0.0
-
cpe:2.3:a:ibm:personal_communications:6.0.1
-
cpe:2.3:a:ibm:personal_communications:6.0.10
-
cpe:2.3:a:ibm:personal_communications:6.0.11
-
cpe:2.3:a:ibm:personal_communications:6.0.12
-
cpe:2.3:a:ibm:personal_communications:6.0.13
-
cpe:2.3:a:ibm:personal_communications:6.0.14
-
cpe:2.3:a:ibm:personal_communications:6.0.15
-
cpe:2.3:a:ibm:personal_communications:6.0.16
-
cpe:2.3:a:ibm:personal_communications:6.0.2
-
cpe:2.3:a:ibm:personal_communications:6.0.3
-
cpe:2.3:a:ibm:personal_communications:6.0.4
-
cpe:2.3:a:ibm:personal_communications:6.0.5
-
cpe:2.3:a:ibm:personal_communications:6.0.6
-
cpe:2.3:a:ibm:personal_communications:6.0.7
-
cpe:2.3:a:ibm:personal_communications:6.0.8
-
cpe:2.3:a:ibm:personal_communications:6.0.9