CVE Record: CVE-2024-23620

Required CVE Record Information

Description

An improper privilege management vulnerability exists in IBM Merge Healthcare eFilm Workstation. A local, authenticated attacker can exploit this vulnerability to escalate privileges to SYSTEM.

CWE 1 Total

Learn more

CWE-269: CWE-269 Improper Privilege Management

CVSS 2 Total

Learn more

Score	Severity	Version	Vector String
8.8	HIGH	3.1	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
6.8	—	2.0	AV:L/AC:L/Au:S/C:C/I:C/A:C

Product Status

Learn more

Versions 1 Total

Default Status: unknown

affected

Credits

Exodus Intelligence finder

References 1 Total

https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-system-privilege-escalation/
external site
third-party-advisory

Updated: 2024-08-01

This container includes required additional information provided by the CVE Program for this vulnerability.

References 1 Total

https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-system-privilege-escalation/
external site
third-party-advisoryx_transferred

Authorized Data Publishers

Learn more

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: Exodus Intelligence

Description

CWE 1 Total

CVSS 2 Total

Product Status

Credits

References 1 Total

CVE Program

References 1 Total

Authorized Data Publishers

CISA-ADP