Credential Extraction Vulnerability in IBM Personal Communications
CVE-2016-0321

6.2MEDIUM

Key Information:

Vendor

IBM
Status
Personal Communications
Vendor
CVE Published:
17 July 2016

What is CVE-2016-0321?

IBM Personal Communications versions 6.x prior to 6.0.17 and 12.x prior to 12.0.0.1 are susceptible to a vulnerability that permits local users to extract sensitive credentials. By gaining access to the victim's account, an attacker can execute a PowerShell script that reveals stored passwords, posing significant security risks for users with sensitive data. This vulnerability underscores the importance of strict access controls and careful management of user permissions to mitigate unauthorized credential retrieval.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21981692
x_refsource_CONFIRM
http://www.securityfocus.com/bid/91751
vdb-entryx_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=swg1IT12006
vendor-advisoryx_refsource_AIXAPAR

CVSS V3.1

Score:
6.2
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.