CVE-2016-0321
medium
CVSS v3
6.2
CVSS v2
2.1
VIR risk
6.2
Description
IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script.
Predictions
Exploit likelihood
62%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21981692
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | personal_communications | 12.0.0 | |
| ibm | personal_communications | 6.0.0 | |
| ibm | personal_communications | 6.0.1 | |
| ibm | personal_communications | 6.0.2 | |
| ibm | personal_communications | 6.0.3 | |
| ibm | personal_communications | 6.0.4 | |
| ibm | personal_communications | 6.0.5 | |
| ibm | personal_communications | 6.0.6 | |
| ibm | personal_communications | 6.0.7 | |
| ibm | personal_communications | 6.0.8 | |
| ibm | personal_communications | 6.0.9 | |
| ibm | personal_communications | 6.0.10 | |
| ibm | personal_communications | 6.0.11 | |
| ibm | personal_communications | 6.0.12 | |
| ibm | personal_communications | 6.0.13 | |
| ibm | personal_communications | 6.0.14 | |
| ibm | personal_communications | 6.0.15 | |
| ibm | personal_communications | 6.0.16 | |
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT12006
- http://www-01.ibm.com/support/docview.wss?uid=swg21981692
- http://www.securityfocus.com/bid/91751
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT12006
- http://www-01.ibm.com/support/docview.wss?uid=swg21981692
- http://www.securityfocus.com/bid/91751
CWEs
CWE-200
Verify integrity in audit chain (admin only). AS-IS.