CVE-2016-0321

EUVD-2016-0356
IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.2 MEDIUM
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
Affected Products (NVD)
VendorProductVersion
ibmpersonal_communications
12.0.0
ibmpersonal_communications
6.0.0
ibmpersonal_communications
6.0.1
ibmpersonal_communications
6.0.2
ibmpersonal_communications
6.0.3
ibmpersonal_communications
6.0.4
ibmpersonal_communications
6.0.5
ibmpersonal_communications
6.0.6
ibmpersonal_communications
6.0.7
ibmpersonal_communications
6.0.8
ibmpersonal_communications
6.0.9
ibmpersonal_communications
6.0.10
ibmpersonal_communications
6.0.11
ibmpersonal_communications
6.0.12
ibmpersonal_communications
6.0.13
ibmpersonal_communications
6.0.14
ibmpersonal_communications
6.0.15
ibmpersonal_communications
6.0.16
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1IT12006
http://www-01.ibm.com/support/docview.wss?uid=swg21981692
http://www.securityfocus.com/bid/91751
http://www-01.ibm.com/support/docview.wss?uid=swg1IT12006
http://www-01.ibm.com/support/docview.wss?uid=swg21981692
http://www.securityfocus.com/bid/91751