Описание
IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:ibm:personal_communications:12.0.0:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:a:ibm:personal_communications:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:personal_communications:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:personal_communications:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:personal_communications:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:personal_communications:6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:personal_communications:6.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:personal_communications:6.0.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:personal_communications:6.0.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:personal_communications:6.0.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:personal_communications:6.0.9:*:*:*:*:*:*:*
cpe:2.3:a:ibm:personal_communications:6.0.10:*:*:*:*:*:*:*
cpe:2.3:a:ibm:personal_communications:6.0.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:personal_communications:6.0.12:*:*:*:*:*:*:*
cpe:2.3:a:ibm:personal_communications:6.0.13:*:*:*:*:*:*:*
cpe:2.3:a:ibm:personal_communications:6.0.14:*:*:*:*:*:*:*
cpe:2.3:a:ibm:personal_communications:6.0.15:*:*:*:*:*:*:*
cpe:2.3:a:ibm:personal_communications:6.0.16:*:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.00134
Низкий
6.2 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 6.2
github
больше 3 лет назад
IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script.
EPSS
Процентиль: 33%
0.00134
Низкий
6.2 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-200