Advisory

IBM Personal Communications flaw exposes risk of remote code execution

Take action: If you are using the IBM PCOM package, update to the latest patched version. It's a fairly painless update, so there is no point in delaying.

Learn More

IBM has identified a vulnerability in its terminal emulator software, Personal Communications (PCOM), which poses significant security risks, including remote code execution (RCE) and local privilege escalation (LPE). PCOM is a key component of the IBM Host Access Client Package and the IBM Rational Host Integration Solution.

The vulnerability, tracked as CVE-2024-25029 (CVSS score 9), affects versions 14.0.6 to 15.0.1 of PCOM. It is attributed to the exploitation of a Windows service used by PCOM and is classified by IBM as an “Improper Restriction of Operations within the Bounds of the Memory Buffer” (buffer overflow) vulnerability. IBM has issued a Security Bulletin (7147672), along with advisory notes and client updates, to address the issue. The company has noted that the exploitability of this vulnerability is still uncertain, and no workarounds have been identified.

Businesses and enterprises using the PCOM package are strongly advised to update to the latest patched versions to safeguard against potential security breaches and ensure the protection of sensitive business data.
