Nov 03, 2023 - 6:56 p.m.

Security Bulletin: IBM Personal Communications could allow a remote user to obtain sensitive information including user passwords, allowing unauthorized access. (CVE-2016-0321)

2023-11-03 18:56:30
www.ibm.com

CVSS2 score: 2.1
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3 score: 6.2
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 6.3 (Confidence: High)

EPSS: 0.001 (Percentile: 34.1%)

Summary

IBM Personal Communications is susceptible to an unauthorized access vulnerability when running on a compromised system (compromised by the victim opening a mail with a malicious attachment or visiting a malicious website). Malware could run with user privileges without necessarily having access to the password. An attacker could retrieve user credentials by running a PowerShell script and exploiting a design flaw in IBM Personal Communications to extract users' passwords.

Vulnerability Details

CVEID: CVE-2016-0321

DESCRIPTION: IBM PCOMM could allow a remote user to obtain sensitive information including user passwords, leading to unauthorized access.

CVSS Base Score: 5.9
CVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/111584> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

The affected versions are IBM Personal Communications 6.0 to 6.0.16 and 12.0 on all supported platforms, as well as PCOMM 13.0.0 - 13.0.1. After the PCOMM v1302 release, this issue has been resolved for all PCOMM versions.

Remediation/Fixes

Product | VRMF | APAR | Remediation/First Fix
---|---|---|---
IBM Personal communication | 13.0.2 | IT25704 | <https://www.ibm.com/support/pages/node/738343>
IBM Personal communication | 12.0.0.1 | IT12006 | http://www-01.ibm.com/support/docview.wss?uid=swg24042354
IBM Personal communication | 6.0.17 | IT12006 | http://www-01.ibm.com/support/docview.wss?uid=swg24042475

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm personal_communications, matching version 12.0.0 OR 13.0.0 OR 13.0.1 OR 6.0.0 OR 6.0.1 OR 6.0.10 OR 6.0.11 OR 6.0.12 OR 6.0.13 OR 6.0.14 OR 6.0.15 OR 6.0.16 OR 6.0.2 OR 6.0.3 OR 6.0.4 OR 6.0.5 OR 6.0.6 OR 6.0.7 OR 6.0.8 OR 6.0.9

Vendor | Product | Version | CPE
---|---|---|---
ibm | personal_communications | 12.0.0 | cpe:2.3:a:ibm:personal_communications:12.0.0:*:*:*:*:*:*:*
ibm | personal_communications | 13.0.0 | cpe:2.3:a:ibm:personal_communications:13.0.0:*:*:*:*:*:*:*
ibm | personal_communications | 13.0.1 | cpe:2.3:a:ibm:personal_communications:13.0.1:*:*:*:*:*:*:*
ibm | personal_communications | 6.0.0 | cpe:2.3:a:ibm:personal_communications:6.0.0:*:*:*:*:*:*:*
ibm | personal_communications | 6.0.1 | cpe:2.3:a:ibm:personal_communications:6.0.1:*:*:*:*:*:*:*
ibm | personal_communications | 6.0.10 | cpe:2.3:a:ibm:personal_communications:6.0.10:*:*:*:*:*:*:*
ibm | personal_communications | 6.0.11 | cpe:2.3:a:ibm:personal_communications:6.0.11:*:*:*:*:*:*:*
ibm | personal_communications | 6.0.12 | cpe:2.3:a:ibm:personal_communications:6.0.12:*:*:*:*:*:*:*
ibm | personal_communications | 6.0.13 | cpe:2.3:a:ibm:personal_communications:6.0.13:*:*:*:*:*:*:*
ibm | personal_communications | 6.0.14 | cpe:2.3:a:ibm:personal_communications:6.0.14:*:*:*:*:*:*:*