CVE-2016-0321

Published on: 07/17/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:14 PM UTC

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Certain versions of Personal Communications from Ibm contain the following vulnerability:

IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script.

  • CVE-2016-0321 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 6.2 - MEDIUM

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
LOCAL LOW NONE NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH NONE NONE

CVSS2 Score: 2.1 - LOW

Access
Vector
Access
Complexity
Authentication
LOCAL LOW NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL NONE NONE

CVE References

Description Tags Link
Security Bulletin: IBM Personal Communications could allow a remote user to obtain sensitive information including user passwords, allowing unauthorized access. (CVE-2016-0321) Vendor Advisory
www-01.ibm.com
text/html
URL Logo CONFIRM www-01.ibm.com/support/docview.wss?uid=swg21981692
IT12006: PCOM: PCSNP.EXE PASSES USER NAME AND PASSWORD IN PLAIN TEXT www-01.ibm.com
text/html
URL Logo AIXAPAR IT12006
IBM Personal Communications CVE-2016-0321 Information Disclosure Vulnerability cve.report (archive)
text/html
URL Logo BID 91751

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationIbmPersonal Communications12.0.0AllAllAll
ApplicationIbmPersonal Communications6.0.0AllAllAll
ApplicationIbmPersonal Communications6.0.1AllAllAll
ApplicationIbmPersonal Communications6.0.10AllAllAll
ApplicationIbmPersonal Communications6.0.11AllAllAll
ApplicationIbmPersonal Communications6.0.12AllAllAll
ApplicationIbmPersonal Communications6.0.13AllAllAll
ApplicationIbmPersonal Communications6.0.14AllAllAll
ApplicationIbmPersonal Communications6.0.15AllAllAll
ApplicationIbmPersonal Communications6.0.16AllAllAll
ApplicationIbmPersonal Communications6.0.2AllAllAll
ApplicationIbmPersonal Communications6.0.3AllAllAll
ApplicationIbmPersonal Communications6.0.4AllAllAll
ApplicationIbmPersonal Communications6.0.5AllAllAll
ApplicationIbmPersonal Communications6.0.6AllAllAll
ApplicationIbmPersonal Communications6.0.7AllAllAll
ApplicationIbmPersonal Communications6.0.8AllAllAll
ApplicationIbmPersonal Communications6.0.9AllAllAll
ApplicationIbmPersonal Communications12.0.0AllAllAll
ApplicationIbmPersonal Communications6.0.0AllAllAll
ApplicationIbmPersonal Communications6.0.1AllAllAll
ApplicationIbmPersonal Communications6.0.10AllAllAll
ApplicationIbmPersonal Communications6.0.11AllAllAll
ApplicationIbmPersonal Communications6.0.12AllAllAll
ApplicationIbmPersonal Communications6.0.13AllAllAll
ApplicationIbmPersonal Communications6.0.14AllAllAll
ApplicationIbmPersonal Communications6.0.15AllAllAll
ApplicationIbmPersonal Communications6.0.16AllAllAll
ApplicationIbmPersonal Communications6.0.2AllAllAll
ApplicationIbmPersonal Communications6.0.3AllAllAll
ApplicationIbmPersonal Communications6.0.4AllAllAll
ApplicationIbmPersonal Communications6.0.5AllAllAll
ApplicationIbmPersonal Communications6.0.6AllAllAll
ApplicationIbmPersonal Communications6.0.7AllAllAll
ApplicationIbmPersonal Communications6.0.8AllAllAll
ApplicationIbmPersonal Communications6.0.9AllAllAll
  • cpe:2.3:a:ibm:personal_communications:12.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.12:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.13:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.14:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.15:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.16:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.9:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:12.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.11:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.12:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.13:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.14:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.15:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.16:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.5:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.6:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.7:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.8:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:personal_communications:6.0.9:*:*:*:*:*:*:*: