CVE-2016-0321
MEDIUMIBM Personal Communications <6.0.17-12.0.0.1 - Info Disclosure
Title source: llmDescription
IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21981692
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/91751
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IT12006
Scores
CVSS v3
6.2
EPSS
0.0037
EPSS Percentile
29.3%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (18)
ibm/personal_communications
12.0.0
ibm/personal_communications
6.0.0
ibm/personal_communications
6.0.1
ibm/personal_communications
6.0.2
ibm/personal_communications
6.0.3
ibm/personal_communications
6.0.4
ibm/personal_communications
6.0.5
ibm/personal_communications
6.0.6
ibm/personal_communications
6.0.7
ibm/personal_communications
6.0.8
... and 8 more
Published
Jul 17, 2016
Tracked Since
Feb 18, 2026