Vulnerabilites related to ibm - personal_communications
Vulnerability from fkie_nvd
Published
2025-04-08 16:15
Modified
2025-09-29 16:15
Severity ?
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to escalate their privileges. This vulnerability is due to an incomplete fix for CVE-2024-25029.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7230335 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | personal_communications | 14.0.0 | |
| ibm | personal_communications | 15.0.0 | |
| apple | macos | - | |
| linux | linux_kernel | - | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:personal_communications:14.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4051DE80-1340-49B1-B7A3-F8C2ED5C4988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:personal_communications:15.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "931D6B27-77ED-4C9C-8440-8F18DEEDDF23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context of NT AUTHORITY\\SYSTEM. This allows for a low privileged attacker to escalate their privileges. This vulnerability is due to an incomplete fix for CVE-2024-25029."
},
{
"lang": "es",
"value": "IBM Personal Communications v14 y v15 incluyen un servicio de Windows vulnerable a la escalada de privilegios locales (LPE). Esta vulnerabilidad permite a cualquier usuario conectado interactivamente en el equipo objetivo ejecutar comandos con privilegios completos en el contexto de NT AUTHORITY\\SYSTEM. Esto permite que un atacante con pocos privilegios escale sus privilegios. Esta vulnerabilidad se debe a una correcci\u00f3n incompleta para CVE-2024-25029."
}
],
"id": "CVE-2025-1095",
"lastModified": "2025-09-29T16:15:37.443",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-08T16:15:24.910",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7230335"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-420"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-03-02 11:55
Modified
2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profile string in a WorkStation (aka .ws) file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | personal_communications | 5.9.7.0 | |
| ibm | personal_communications | 5.9.7.1 | |
| ibm | personal_communications | 6.0.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:personal_communications:5.9.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9324AE21-FC8B-4B02-9ED3-D1CD85D41D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:personal_communications:5.9.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C47AA1EC-0A36-4D15-B454-58E79A9C3720",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9AAB4800-9B23-438D-AD9F-C95867D20852",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profile string in a WorkStation (aka .ws) file."
},
{
"lang": "es",
"value": "Desbordamiento de buffer de pila en pcspref.dll de pcsws.exe de IBM Personal Communications 5.9.x anteriores a 5.9.8 y 6.0.x anteriores a 6.0.4 permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una cadena de perfil extensa (\"long profile string\") en un archivo WorkStation (.ws)."
}
],
"id": "CVE-2012-0201",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-03-02T11:55:00.853",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/fileformat/ibm_pcm_ws.rb"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81539"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21586166"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18539/"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.metasploit.com/modules/exploit/windows/fileformat/ibm_pcm_ws"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Exploit"
],
"url": "http://www.stratsec.net/Research/Advisories/IBM-Personal-Communications-I-Series-Access-WorkSt"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/fileformat/ibm_pcm_ws.rb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21586166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/18539/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.metasploit.com/modules/exploit/windows/fileformat/ibm_pcm_ws"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.stratsec.net/Research/Advisories/IBM-Personal-Communications-I-Series-Access-WorkSt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73127"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-07-17 22:59
Modified
2025-04-12 10:46
Severity ?
Summary
IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | personal_communications | 12.0.0 | |
| ibm | personal_communications | 6.0.0 | |
| ibm | personal_communications | 6.0.1 | |
| ibm | personal_communications | 6.0.2 | |
| ibm | personal_communications | 6.0.3 | |
| ibm | personal_communications | 6.0.4 | |
| ibm | personal_communications | 6.0.5 | |
| ibm | personal_communications | 6.0.6 | |
| ibm | personal_communications | 6.0.7 | |
| ibm | personal_communications | 6.0.8 | |
| ibm | personal_communications | 6.0.9 | |
| ibm | personal_communications | 6.0.10 | |
| ibm | personal_communications | 6.0.11 | |
| ibm | personal_communications | 6.0.12 | |
| ibm | personal_communications | 6.0.13 | |
| ibm | personal_communications | 6.0.14 | |
| ibm | personal_communications | 6.0.15 | |
| ibm | personal_communications | 6.0.16 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:personal_communications:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00FC213B-BC7E-4AB1-BC48-58227BE008FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "050B8D11-FA5E-4F70-9934-057479F6260E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "838D216B-5C30-4CFF-9740-A0AB18A281B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CA429D0C-CDBF-4864-B661-E13733A84675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E0730A-8C81-4D5C-B11C-3FBD9AF50FC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A007FE4A-C587-4ABC-8E5E-BAA8B9FD10C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EF2FCFDF-C876-4630-B899-FEB56BAA4F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5738F6B4-952C-4EFE-868C-53AEB2151224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8081C4E7-E42F-4C79-B11F-8280412768D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF981B9-C7F9-4926-9310-AD30B2E1BFAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0F10FF32-B5A5-45EF-B626-F6300644ECE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B6DADA-B769-44CA-A6DF-11DB26831696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "87BD8E7B-68FD-488C-A2F7-60A9C5A1FA3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C540FB24-5B13-4489-8012-052209C3E421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "A66BF474-B69D-4610-85DD-9E79B69B08B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "8223D044-D8F9-4F43-B44C-F28A19F3275E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "F93907E7-C765-43E6-839F-25C8C8BE5C44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6D1D51A4-4975-436A-B30B-CD950E74EF7B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script."
},
{
"lang": "es",
"value": "IBM Personal Communications (tambi\u00e9n conocido como PCOMM) 6.x en versiones anteriores a 6.0.17 y 12.x en versiones anteriores a 12.0.0.1 no restringe correctamente la extracci\u00f3n de credenciales, lo cual permite a usuarios locales descubrir contrase\u00f1as aprovechando el acceso a la cuenta de la v\u00edctima y ejecutando una secuencia de comandos PowerShell."
}
],
"id": "CVE-2016-0321",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-17T22:59:00.177",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT12006"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981692"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/91751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT12006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91751"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-06 12:15
Modified
2025-05-07 16:27
Severity ?
9.0 (Critical) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to move laterally to affected systems and to escalate their privileges. IBM X-Force ID: 281619.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/281619 | Vendor Advisory, VDB Entry | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7147672 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/281619 | Vendor Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7147672 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | personal_communications | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:personal_communications:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86C8DA55-21C3-4290-A9FB-354431351B87",
"versionEndIncluding": "15.0.1",
"versionStartIncluding": "14.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the context of NT AUTHORITY\\SYSTEM. This allows for a low privileged attacker to move laterally to affected systems and to escalate their privileges. IBM X-Force ID: 281619."
},
{
"lang": "es",
"value": "IBM Personal Communications 14.0.6 a 15.0.1 incluye un servicio de Windows que es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo (RCE) y a la escalada de privilegios local (LPE). La vulnerabilidad permite a cualquier usuario sin privilegios con acceso a la red de una computadora de destino ejecutar comandos con privilegios completos en el contexto de NT AUTHORITY\\SYSTEM. Esto permite que un atacante con pocos privilegios se mueva lateralmente a los sistemas afectados y aumente sus privilegios. ID de IBM X-Force: 281619."
}
],
"id": "CVE-2024-25029",
"lastModified": "2025-05-07T16:27:08.687",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-04-06T12:15:08.400",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281619"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7147672"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7147672"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-1095 (GCVE-0-2025-1095)
Vulnerability from cvelistv5
Published
2025-04-08 15:11
Modified
2025-09-29 15:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-420 - Unprotected Alternate Channel
Summary
IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to escalate their privileges. This vulnerability is due to an incomplete fix for CVE-2024-25029.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7230335 | vendor-advisory, patch |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Personal Communications |
Version: v14 Version: v15 cpe:2.3:a:ibm:personal_communications:14.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:personal_communications:15.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1095",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T04:00:52.291Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:personal_communications:14.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:personal_communications:15.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Personal Communications",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "v14"
},
{
"status": "affected",
"version": "v15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context of NT AUTHORITY\\SYSTEM. This allows for a low privileged attacker to escalate their privileges. This vulnerability is due to an incomplete fix for CVE-2024-25029.\u003c/span\u003e"
}
],
"value": "IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context of NT AUTHORITY\\SYSTEM. This allows for a low privileged attacker to escalate their privileges. This vulnerability is due to an incomplete fix for CVE-2024-25029."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-420",
"description": "CWE-420 Unprotected Alternate Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T15:29:18.930Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7230335"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Personal Communications command execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1095",
"datePublished": "2025-04-08T15:11:16.272Z",
"dateReserved": "2025-02-06T21:21:05.157Z",
"dateUpdated": "2025-09-29T15:29:18.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25029 (GCVE-0-2024-25029)
Vulnerability from cvelistv5
Published
2024-04-06 11:51
Modified
2024-08-01 23:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Summary
IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to move laterally to affected systems and to escalate their privileges. IBM X-Force ID: 281619.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.ibm.com/support/pages/node/7147672 | vendor-advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/281619 | vdb-entry |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Personal Communications |
Version: 14.0.6 ≤ 15.0.1 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:personal_communications:14.0.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "personal_communications",
"vendor": "ibm",
"versions": [
{
"lessThanOrEqual": "15.0.1",
"status": "affected",
"version": "14.0.6",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25029",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-08T16:19:45.427402Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-19T22:10:54.453Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7147672"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281619"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Personal Communications",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "15.0.1",
"status": "affected",
"version": "14.0.6",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the context of NT AUTHORITY\\SYSTEM. This allows for a low privileged attacker to move laterally to affected systems and to escalate their privileges. IBM X-Force ID: 281619."
}
],
"value": "IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the context of NT AUTHORITY\\SYSTEM. This allows for a low privileged attacker to move laterally to affected systems and to escalate their privileges. IBM X-Force ID: 281619."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-06T11:51:45.548Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7147672"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281619"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Personal Communications code execution",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-25029",
"datePublished": "2024-04-06T11:51:45.548Z",
"dateReserved": "2024-02-03T14:49:11.962Z",
"dateUpdated": "2024-08-01T23:36:21.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0201 (GCVE-0-2012-0201)
Vulnerability from cvelistv5
Published
2012-03-02 11:00
Modified
2024-08-06 18:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profile string in a WorkStation (aka .ws) file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.exploit-db.com/exploits/18539/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www-01.ibm.com/support/docview.wss?uid=swg21586166 | x_refsource_CONFIRM | |
| http://www.stratsec.net/Research/Advisories/IBM-Personal-Communications-I-Series-Access-WorkSt | x_refsource_MISC | |
| http://www.metasploit.com/modules/exploit/windows/fileformat/ibm_pcm_ws | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/73127 | vdb-entry, x_refsource_XF | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC81539 | vendor-advisory, x_refsource_AIXAPAR | |
| http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/fileformat/ibm_pcm_ws.rb | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:19.753Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18539",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18539/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21586166"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.stratsec.net/Research/Advisories/IBM-Personal-Communications-I-Series-Access-WorkSt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.metasploit.com/modules/exploit/windows/fileformat/ibm_pcm_ws"
},
{
"name": "pcom-pcspref-bo(73127)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73127"
},
{
"name": "IC81539",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81539"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/fileformat/ibm_pcm_ws.rb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profile string in a WorkStation (aka .ws) file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "18539",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18539/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21586166"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.stratsec.net/Research/Advisories/IBM-Personal-Communications-I-Series-Access-WorkSt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.metasploit.com/modules/exploit/windows/fileformat/ibm_pcm_ws"
},
{
"name": "pcom-pcspref-bo(73127)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73127"
},
{
"name": "IC81539",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81539"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/fileformat/ibm_pcm_ws.rb"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-0201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profile string in a WorkStation (aka .ws) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18539",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18539/"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21586166",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21586166"
},
{
"name": "http://www.stratsec.net/Research/Advisories/IBM-Personal-Communications-I-Series-Access-WorkSt",
"refsource": "MISC",
"url": "http://www.stratsec.net/Research/Advisories/IBM-Personal-Communications-I-Series-Access-WorkSt"
},
{
"name": "http://www.metasploit.com/modules/exploit/windows/fileformat/ibm_pcm_ws",
"refsource": "MISC",
"url": "http://www.metasploit.com/modules/exploit/windows/fileformat/ibm_pcm_ws"
},
{
"name": "pcom-pcspref-bo(73127)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73127"
},
{
"name": "IC81539",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81539"
},
{
"name": "http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/fileformat/ibm_pcm_ws.rb",
"refsource": "MISC",
"url": "http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/fileformat/ibm_pcm_ws.rb"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-0201",
"datePublished": "2012-03-02T11:00:00",
"dateReserved": "2011-12-14T00:00:00",
"dateUpdated": "2024-08-06T18:16:19.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0321 (GCVE-0-2016-0321)
Vulnerability from cvelistv5
Published
2016-07-17 22:00
Modified
2024-08-05 22:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21981692 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/91751 | vdb-entry, x_refsource_BID | |
| http://www-01.ibm.com/support/docview.wss?uid=swg1IT12006 | vendor-advisory, x_refsource_AIXAPAR |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:15:23.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981692"
},
{
"name": "91751",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91751"
},
{
"name": "IT12006",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT12006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981692"
},
{
"name": "91751",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91751"
},
{
"name": "IT12006",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT12006"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-0321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21981692",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981692"
},
{
"name": "91751",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91751"
},
{
"name": "IT12006",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT12006"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-0321",
"datePublished": "2016-07-17T22:00:00",
"dateReserved": "2015-12-08T00:00:00",
"dateUpdated": "2024-08-05T22:15:23.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}