CVE-2016-0321: Infoleak
First published: Sun Jul 17 2016(Updated: )
IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Personal Communications | =12.0.0 | |
| IBM Personal Communications | =6.0.0 | |
| IBM Personal Communications | =6.0.1 | |
| IBM Personal Communications | =6.0.2 | |
| IBM Personal Communications | =6.0.3 | |
| IBM Personal Communications | =6.0.4 | |
| IBM Personal Communications | =6.0.5 | |
| IBM Personal Communications | =6.0.6 | |
| IBM Personal Communications | =6.0.7 | |
| IBM Personal Communications | =6.0.8 | |
| IBM Personal Communications | =6.0.9 | |
| IBM Personal Communications | =6.0.10 | |
| IBM Personal Communications | =6.0.11 | |
| IBM Personal Communications | =6.0.12 | |
| IBM Personal Communications | =6.0.13 | |
| IBM Personal Communications | =6.0.14 | |
| IBM Personal Communications | =6.0.15 | |
| IBM Personal Communications | =6.0.16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-0321?
CVE-2016-0321 is rated as a moderate severity vulnerability due to its potential for credential extraction by local users.
How do I fix CVE-2016-0321?
To fix CVE-2016-0321, it is recommended to upgrade IBM Personal Communications to version 6.0.17 or later, or 12.0.0.1 or later.
What software versions are affected by CVE-2016-0321?
CVE-2016-0321 affects IBM Personal Communications versions 6.x before 6.0.17 and 12.x before 12.0.0.1.
Who can exploit CVE-2016-0321?
Local users with access to the victim account can exploit CVE-2016-0321 by executing a PowerShell script to extract passwords.
What is the impact of CVE-2016-0321?
The impact of CVE-2016-0321 is that it allows an attacker to discover sensitive passwords from the compromised IBM Personal Communications application.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- agent/description
- agent/event
- agent/source
- vendor/ibm
- canonical/ibm personal communications
- version/ibm personal communications/12.0.0
- version/ibm personal communications/6.0.0
- version/ibm personal communications/6.0.1
- version/ibm personal communications/6.0.2
- version/ibm personal communications/6.0.3
- version/ibm personal communications/6.0.4
- version/ibm personal communications/6.0.5
- version/ibm personal communications/6.0.6
- version/ibm personal communications/6.0.7
- version/ibm personal communications/6.0.8
- version/ibm personal communications/6.0.9
- version/ibm personal communications/6.0.10
- version/ibm personal communications/6.0.11
- version/ibm personal communications/6.0.12
- version/ibm personal communications/6.0.13
- version/ibm personal communications/6.0.14
- version/ibm personal communications/6.0.15
- version/ibm personal communications/6.0.16