CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-25029

IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to move laterally to affected systems and to escalate their privileges. IBM X-Force ID: 281619.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.9%

CVSS Severity

CVSS v3 Score 9.0

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/281619
https://www.ibm.com/support/pages/node/7147672
https://exchange.xforce.ibmcloud.com/vulnerabilities/281619
https://www.ibm.com/support/pages/node/7147672

Products affected by CVE-2024-25029

Ibm » Personal Communications » Version: 14.0.6

cpe:2.3:a:ibm:personal_communications:14.0.6
Ibm » Personal Communications » Version: 15.0.1

cpe:2.3:a:ibm:personal_communications:15.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-25029

Products

Pricing

Contact Us