CVE-2024-23622
IBM Merge Healthcare eFilm Workstation License Server CopySLS_Request3 Buffer Overflow
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution with SYSTEM privileges.
Existe un desbordamiento de búfer en la región stack de la memoria en el servidor de licencias de IBM Merge Healthcare eFilm Workstation. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad para lograr la ejecución remota de código con privilegios de SYSTEM.
*Credits:
Exodus Intelligence
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-01-18 CVE Reserved
- 2024-01-25 CVE Published
- 2024-02-01 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-131: Incorrect Calculation of Buffer Size
- CWE-787: Out-of-bounds Write
CAPEC
- CAPEC-100: Overflow Buffers
References (1)
URL | Tag | Source |
---|---|---|
https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-license-server-copysls_request3-buffer-overflow | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Ibm Search vendor "Ibm" | Merge Efilm Workstation Search vendor "Ibm" for product "Merge Efilm Workstation" | <= 4.2 Search vendor "Ibm" for product "Merge Efilm Workstation" and version " <= 4.2" | - |
Affected
|