CVE-2016-0321

{"id": "CVE-2016-0321", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.5}]}, "published": "2016-07-17T22:59:00.177", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT12006", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981692", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securityfocus.com/bid/91751", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script."}, {"lang": "es", "value": "IBM Personal Communications (tambi\u00e9n conocido como PCOMM) 6.x en versiones anteriores a 6.0.17 y 12.x en versiones anteriores a 12.0.0.1 no restringe correctamente la extracci\u00f3n de credenciales, lo cual permite a usuarios locales descubrir contrase\u00f1as aprovechando el acceso a la cuenta de la v\u00edctima y ejecutando una secuencia de comandos PowerShell."}], "lastModified": "2016-11-28T19:53:05.977", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:personal_communications:12.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00FC213B-BC7E-4AB1-BC48-58227BE008FB"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "050B8D11-FA5E-4F70-9934-057479F6260E"}, {"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "838D216B-5C30-4CFF-9740-A0AB18A281B0"}, {"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA429D0C-CDBF-4864-B661-E13733A84675"}, {"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1E0730A-8C81-4D5C-B11C-3FBD9AF50FC1"}, {"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A007FE4A-C587-4ABC-8E5E-BAA8B9FD10C6"}, {"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF2FCFDF-C876-4630-B899-FEB56BAA4F8D"}, {"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5738F6B4-952C-4EFE-868C-53AEB2151224"}, {"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8081C4E7-E42F-4C79-B11F-8280412768D8"}, {"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BF981B9-C7F9-4926-9310-AD30B2E1BFAD"}, {"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F10FF32-B5A5-45EF-B626-F6300644ECE2"}, {"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6B6DADA-B769-44CA-A6DF-11DB26831696"}, {"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87BD8E7B-68FD-488C-A2F7-60A9C5A1FA3C"}, {"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C540FB24-5B13-4489-8012-052209C3E421"}, {"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A66BF474-B69D-4610-85DD-9E79B69B08B7"}, {"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8223D044-D8F9-4F43-B44C-F28A19F3275E"}, {"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F93907E7-C765-43E6-839F-25C8C8BE5C44"}, {"criteria": "cpe:2.3:a:ibm:personal_communications:6.0.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D1D51A4-4975-436A-B30B-CD950E74EF7B"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}