CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
34.1%
IBM Personal Communications is susceptible to unauthorized access vulnerability when running on a compromised system (by the victim opening a mail with a malicious attachment or visiting a malicious website). Malware could run with user privileges but not necessarily having access to the password. An attacker could retrieve user credentials by running PowerShell Script and by exploiting design flaw in IBM Personal Communications to extract users’ password.
CVEID:CVE-2016-0321
DESCRIPTION:
IBM PCOMM could allow a remote user to obtain sensitive information including user passwords, leading to un-authorized access.
CVSS Base Score: 5.9
CVSS Temporal Score: See _<http://exchange.xforce.ibmcloud.com/vulnerabilities/111584>_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
IBM Personal Communications from version 6.0 to 6.0.16 and version 12.0 on all supported platforms as well as PCOMM versions 13.0.0 - 13.0.1 are the affected versions. After the PCOMM v1302 release, this issue has been resolved for all PCOMM versions.
Product
|
VRMF
|
APAR
|
Remediation/First Fix
—|—|—|—
IBM Personal communication | 13.0.2 | IT25704 | <https://www.ibm.com/support/pages/node/738343>
IBM Personal communication | 12.0.0.1 | IT12006 |
http://www-01.ibm.com/support/docview.wss?uid=swg24042354
IBM Personal communication | 6.0.17 | IT12006 | http://www-01.ibm.com/support/docview.wss?uid=swg24042475
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | personal_communications | 12.0.0 | cpe:2.3:a:ibm:personal_communications:12.0.0:*:*:*:*:*:*:* |
ibm | personal_communications | 13.0.0 | cpe:2.3:a:ibm:personal_communications:13.0.0:*:*:*:*:*:*:* |
ibm | personal_communications | 13.0.1 | cpe:2.3:a:ibm:personal_communications:13.0.1:*:*:*:*:*:*:* |
ibm | personal_communications | 6.0.0 | cpe:2.3:a:ibm:personal_communications:6.0.0:*:*:*:*:*:*:* |
ibm | personal_communications | 6.0.1 | cpe:2.3:a:ibm:personal_communications:6.0.1:*:*:*:*:*:*:* |
ibm | personal_communications | 6.0.10 | cpe:2.3:a:ibm:personal_communications:6.0.10:*:*:*:*:*:*:* |
ibm | personal_communications | 6.0.11 | cpe:2.3:a:ibm:personal_communications:6.0.11:*:*:*:*:*:*:* |
ibm | personal_communications | 6.0.12 | cpe:2.3:a:ibm:personal_communications:6.0.12:*:*:*:*:*:*:* |
ibm | personal_communications | 6.0.13 | cpe:2.3:a:ibm:personal_communications:6.0.13:*:*:*:*:*:*:* |
ibm | personal_communications | 6.0.14 | cpe:2.3:a:ibm:personal_communications:6.0.14:*:*:*:*:*:*:* |
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
34.1%