CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1095 – IBM Personal Communications command execution
https://notcve.org/view.php?id=CVE-2025-1095
08 Apr 2025 — IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to escalate their privileges. This vulnerability is due to an incomplete fix for CVE-2024-25029. • https://www.ibm.com/support/pages/node/7230335 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25029 – IBM Personal Communications code execution
https://notcve.org/view.php?id=CVE-2024-25029
06 Apr 2024 — IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to move laterally to affected systems and to escalate their privileges. IBM X-Force ID: 281619. IBM Personal Communications 14.0.6 a 15.0.1 i... • https://exchange.xforce.ibmcloud.com/vulnerabilities/281619 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.2EPSS: 0%CPEs: 18EXPL: 0CVE-2016-0321
https://notcve.org/view.php?id=CVE-2016-0321
17 Jul 2016 — IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script. IBM Personal Communications (también conocido como PCOMM) 6.x en versiones anteriores a 6.0.17 y 12.x en versiones anteriores a 12.0.0.1 no restringe correctamente la extracción de credenciales, lo cual permite a usuarios locales descubrir contraseñas ap... • http://www-01.ibm.com/support/docview.wss?uid=swg1IT12006 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 67%CPEs: 3EXPL: 3CVE-2012-0201 – IBM Personal Communications I-Series Access Workstation 5.9 - Profile
https://notcve.org/view.php?id=CVE-2012-0201
02 Mar 2012 — Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profile string in a WorkStation (aka .ws) file. Desbordamiento de buffer de pila en pcspref.dll de pcsws.exe de IBM Personal Communications 5.9.x anteriores a 5.9.8 y 6.0.x anteriores a 6.0.4 permiten a atacantes remotos ejecutar código arbitrario a través de una cadena de perfil extensa ("long profile string") en u... • https://www.exploit-db.com/exploits/18539 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •