Credential Extraction Vulnerability in IBM Personal Communications
CVE-2016-0321
6.2MEDIUM
Summary
IBM Personal Communications versions 6.x prior to 6.0.17 and 12.x prior to 12.0.0.1 are susceptible to a vulnerability that permits local users to extract sensitive credentials. By gaining access to the victim's account, an attacker can execute a PowerShell script that reveals stored passwords, posing significant security risks for users with sensitive data. This vulnerability underscores the importance of strict access controls and careful management of user permissions to mitigate unauthorized credential retrieval.
References
CVSS V3.1
Score:
6.2
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved