Vulnerability Description
IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Personal Communications | 12.0.0 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT12006
- http://www-01.ibm.com/support/docview.wss?uid=swg21981692Vendor Advisory
- http://www.securityfocus.com/bid/91751
- http://www-01.ibm.com/support/docview.wss?uid=swg1IT12006
- http://www-01.ibm.com/support/docview.wss?uid=swg21981692Vendor Advisory
- http://www.securityfocus.com/bid/91751
FAQ
What is CVE-2016-0321?
CVE-2016-0321 is a vulnerability with a CVSS score of 6.2 (MEDIUM). IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access...
How severe is CVE-2016-0321?
CVE-2016-0321 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-0321?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Personal Communications.