CVE-2016-0321 Information

Description

IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

http://www.securityfocus.com/bid/91751 http://www-01.ibm.com/support/docview.wss?uid=swg1IT12006 http://www-01.ibm.com/support/docview.wss?uid=swg21981692

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

6.2