Security Vulnerabilities fixed in IBM Personal Communications BULLETIN: 276845
Description
IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script. Versions 5.9.x before 5.9.8 and 6.0.x before 6.0.4 have stack-based buffer overflow which might allow remote attackers to execute arbitrary code.
Affected Applications
IBM Personal Communications