CVE-2024-23621— IBM Merge Healthcare eFilm Workstation License Server Buffer Overflow

CVSS 10.0 · Critical EPSS 0.94% · P76 Updated Jun 04, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-23621

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

IBM Merge Healthcare eFilm Workstation License Server Buffer Overflow

Source: NVD (National Vulnerability Database)

Vulnerability Description

A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

缓冲区大小计算不正确

Source: NVD (National Vulnerability Database)

Vulnerability Title

IBM eFilm Workstation 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

IBM eFilm Workstation是美国国际商业机器（IBM）公司的一种用于查看医学图像的软件应用程序。 IBM Merge Healthcare eFilm Workstation 存在安全漏洞，该漏洞源于许可证服务器中存在缓冲区溢出。未经身份验证的远程攻击者可以利用此漏洞实现远程代码执行。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
IBM Merge Healthcare	eFilm Workstation	4.1 ~ 4.2	-

II. Public POCs for CVE-2024-23621

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-23621

请登录查看更多情报信息。

Same Patch Batch · IBM Merge Healthcare · 2024-01-25 · 4 CVEs total

CVE-2024-23622	10.0 CRITICAL	IBM Merge Healthcare eFilm Workstation License Server CopySLS_Request3 Buffer Overflow
CVE-2024-23619	9.8 CRITICAL	IBM Merge Healthcare eFilm Workstation Hardcoded Credentials
CVE-2024-23620	8.8 HIGH	IBM Merge Healthcare eFilm Workstation SYSTEM Privilege Escalation

IV. Related Vulnerabilities

Same product: eFilm Workstation

CVE-2024-23622
IBM Merge Healthcare eFilm Workstation License Server CopySL

Same vendor: IBM Merge Healthcare

Same weakness: CWE-131

V. Comments for CVE-2024-23621

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-23621— IBM Merge Healthcare eFilm Workstation License Server Buffer Overflow

I. Basic Information for CVE-2024-23621

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2024-23621

III. Intelligence Information for CVE-2024-23621

Same Patch Batch · IBM Merge Healthcare · 2024-01-25 · 4 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-23621

Leave a comment