IBM Merge Healthcare eFilm Workstation Hardcoded Credentials
CVE-2024-23619

9.8CRITICAL

Key Information:

Vendor: IBM Merge Healthcare
Status: Efilm Workstation
Vendor: CVE Published:; 26 January 2024

🔔 Create IBM Merge Healthcare Vulnerability Alert

What is CVE-2024-23619?

A vulnerability related to hardcoded credentials has been identified in IBM Merge Healthcare eFilm Workstation, enabling remote, unauthenticated attackers to gain unauthorized access to sensitive information. This weakness may permit attackers to conduct information disclosure or achieve remote code execution. The existence of hardcoded credentials significantly escalates the risk, as it provides a potential pathway for malicious actors to exploit the software and compromise its integrity. Organizations utilizing this product should prioritize mitigating this vulnerability to safeguard their systems and protect sensitive data.

Affected Version(s)

eFilm Workstation 3.1 <= 4.1

References

https://blog.exodusintel.com/2024/01/25/ibm-merge-healthc...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 26, 2024
Vulnerability Reserved
Jan 18, 2024

Credit

Exodus Intelligence

CVE-2024-23619 Data

JSON