3 results (0.003 seconds)

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to move laterally to affected systems and to escalate their privileges. IBM X-Force ID: 281619. IBM Personal Communications 14.0.6 a 15.0.1 incluye un servicio de Windows que es vulnerable a la ejecución remota de código (RCE) y a la escalada de privilegios local (LPE). • https://exchange.xforce.ibmcloud.com/vulnerabilities/281619 https://www.ibm.com/support/pages/node/7147672 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.2EPSS: 0%CPEs: 18EXPL: 0

IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script. IBM Personal Communications (también conocido como PCOMM) 6.x en versiones anteriores a 6.0.17 y 12.x en versiones anteriores a 12.0.0.1 no restringe correctamente la extracción de credenciales, lo cual permite a usuarios locales descubrir contraseñas aprovechando el acceso a la cuenta de la víctima y ejecutando una secuencia de comandos PowerShell. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT12006 http://www-01.ibm.com/support/docview.wss?uid=swg21981692 http://www.securityfocus.com/bid/91751 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.3EPSS: 92%CPEs: 3EXPL: 3

Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profile string in a WorkStation (aka .ws) file. Desbordamiento de buffer de pila en pcspref.dll de pcsws.exe de IBM Personal Communications 5.9.x anteriores a 5.9.8 y 6.0.x anteriores a 6.0.4 permiten a atacantes remotos ejecutar código arbitrario a través de una cadena de perfil extensa ("long profile string") en un archivo WorkStation (.ws). • https://www.exploit-db.com/exploits/18539 http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/fileformat/ibm_pcm_ws.rb http://www-01.ibm.com/support/docview.wss?uid=swg1IC81539 http://www-01.ibm.com/support/docview.wss?uid=swg21586166 http://www.exploit-db.com/exploits/18539 http://www.metasploit.com/modules/exploit/windows/fileformat/ibm_pcm_ws http://www.stratsec.net/Research/Advisories/IBM-Personal-Communications-I-Series-Access-WorkSt https:/&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •