IBM Security Bulletin: IBM Personal Communications could allow a remote user to obtain sensitive information including user passwords, allowing unauthorized access. (CVE-2016-0321)

IBM Personal Communications is susceptible to an unauthorized access vulnerability when running on a compromised system (compromised by the victim opening a mail with a malicious attachment or visiting a malicious website). Malware on such a system could run with user privileges without necessarily having access to the user's password. An attacker could retrieve user credentials by running a PowerShell script and exploiting a design flaw in IBM Personal Communications to extract users' passwords.

CVE(s): CVE-2016-0321

Affected product(s) and affected version(s):

IBM Personal Communications from version 6.0 to 6.0.16 and version 12.0 on all supported platforms.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/29DJZdT
X-Force Database: http://ift.tt/29D3Wpc



from IBM Product Security Incident Response Team http://ift.tt/29DJAIG