VYPR

Personal Communications

by IBM

CVEs (5)

  • CVE-2024-25029CriApr 6, 2024
    risk 0.59cvss 9.0epss 0.01

    IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to run commands with full…

  • CVE-2025-1095HigApr 8, 2025
    risk 0.57cvss 8.8epss 0.00

    IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM.…

  • CVE-2023-37410HigSep 20, 2023
    risk 0.55cvss 8.4epss 0.00

    IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a local user to escalate their privileges to the SYSTEM user due to overly permissive access controls. IBM X-Force ID: 260138.

  • CVE-2016-0321MedJul 17, 2016
    risk 0.40cvss 6.2epss 0.00

    IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script.

  • CVE-2012-0201Mar 2, 2012
    risk 0.06cvss epss 0.37

    Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profile string in a WorkStation (aka .ws) file.