CVE-2016-0321

6.2MEDIUM

Key Information:

Vendor: IBM
Status: Personal Communications
Vendor: CVE Published:; 17 July 2016

Summary

IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21981692

x_refsource_CONFIRM

http://www.securityfocus.com/bid/91751

vdb-entryx_refsource_BID

http://www-01.ibm.com/support/docview.wss?uid=swg1IT12006

vendor-advisoryx_refsource_AIXAPAR

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 17, 2016
Vulnerability Reserved
Dec 8, 2015

.