Microsoft · Windows · CVE-2024-25029
**Name of the Vulnerable Software and Affected Versions**
IBM Personal Communications versions 14.0.6 through 15.0.1
**Description**
The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This enables a low-privileged attacker to move laterally to affected systems and escalate their privileges. The issue concerns a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE).
**Recommendations**
For IBM Personal Communications versions 14.0.6 through 15.0.1, consider disabling the vulnerable Windows service as a temporary workaround until a patch is available. Restrict access to the system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.