CVE-2024-23621 | A buffer overflow exists in IBM Merge Healthcare eFilm Works… | CVSS 10.0 CRITICAL

Description

A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution.

Metadata

CVE ID: CVE-2024-23621
State: PUBLISHED
Assigner: XI
Reserved: 2024-01-18 21:37 UTC
Published: 2024-01-25 23:36 UTC
Last updated: 2025-06-03 18:17 UTC
Primary CWE: CWE-131
CWE-131 Incorrect Calculation of Buffer Size
Vendor / Product: IBM Merge Healthcare / eFilm Workstation
Sources: cve.org · NVD

Severity & Metrics

10.0 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
IBM Merge Healthcare	eFilm Workstation	—	4.1 ≤ 4.2

Weakness (CWE)

CWE	Source	Description
CWE-131	cna	CWE-131 Incorrect Calculation of Buffer Size

CVSS scores (2)

Score	Severity	Version	Source	Vector
10.0	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0	N/D	2.0	cna	AV:N/AC:L/Au:N/C:C/I:C/A:C

References (1)

https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-license-server-buffer-overflow/