CRITICAL🇵🇱 Wersja polska

CVE-2024-23619

CVSS 9.8v3.1pub. 2024-01-26upd. 2024-11-21

A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution.

🤖 AI Analysis
How it works

The vulnerability results from the presence of static, unchangeable credentials embedded directly in the application code (CWE-798). An attacker who discovers or guesses these credentials can gain access to the system without any user authorization or requirement to possess an existing account. Due to the network attack vector (AV:N) and lack of prerequisites (PR:N, AC:L, UI:N), exploitation is possible remotely and does not require user interaction.

Impact

An attacker can gain unauthorized access to protected system resources, leading to disclosure of confidential medical data or complete takeover of the system through remote code execution (RCE).

Mitigation & patch

Patches available from the manufacturer should be applied according to the references. It is also recommended to restrict network access to eFilm Workstation workstations using a firewall and to monitor network traffic for unauthorized access attempts until the patch is deployed.

Who is affected

IBM Merge Healthcare eFilm Workstation — versions indicated in the manufacturer's references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • IBM Merge Efilm Workstation

    APP
    Ibm
    ≤ 4.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEAuth Bypass
CWE
References

Related vulnerabilities

CVE-2024-23621CRITICAL10.0PL ✓ten sam produkt

Buffer overflow w serwerze licencji IBM Merge Healthcare eFilm Workstation — RCE

CVE-2024-23622CRITICAL10.0PL ✓ten sam produkt

Stack-based buffer overflow w IBM Merge Healthcare eFilm Workstation — RCE jako SYSTEM

CVE-2024-23620HIGH8.8ten sam produkt

An improper privilege management vulnerability exists in IBM Merge Healthcare eFilm Workstation. A local, auth...

CVE-2022-47986CRITICAL9.8⚠ KEVten sam vendor

IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on t...

CVE-2020-4427CRITICAL9.8⚠ KEVten sam vendor

IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass sec...