CVE-2016-0321

MEDIUM

IBM Personal Communications <6.0.17-12.0.0.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script.

References (3)

Core 3
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21981692
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/91751
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT12006

Scores

CVSS v3 6.2
EPSS 0.0037
EPSS Percentile 29.3%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (18)
ibm/personal_communications 12.0.0
ibm/personal_communications 6.0.0
ibm/personal_communications 6.0.1
ibm/personal_communications 6.0.2
ibm/personal_communications 6.0.3
ibm/personal_communications 6.0.4
ibm/personal_communications 6.0.5
ibm/personal_communications 6.0.6
ibm/personal_communications 6.0.7
ibm/personal_communications 6.0.8
... and 8 more
Published Jul 17, 2016
Tracked Since Feb 18, 2026