Critical Flaw in NextGen’s Mirth Connect Could Expose Healthcare Data

October 26, 2023 at 04:48AM

Users of Mirth Connect, an open-source data integration platform, are urged to update to version 4.4.1 due to the discovery of an unauthenticated remote code execution vulnerability (CVE-2023-43208). Horizon3.ai warns that attackers may exploit this vulnerability to gain access to sensitive healthcare data. The flaw affects various versions of Mirth Connect, making it crucial to update to the latest version to mitigate potential threats.

Key Takeaways:

1. Users of Mirth Connect, an open-source data integration platform from NextGen HealthCare, should update to version 4.4.1 to address a recently discovered unauthenticated remote code execution vulnerability (CVE-2023-43208).

2. The vulnerability allows attackers to execute arbitrary commands on the hosting server, posing a risk to sensitive healthcare data.

3. This vulnerability bypasses the fix for a previous critical remote command execution (RCE) vulnerability (CVE-2023-37679) and affects all instances of Mirth Connect regardless of the Java version.

4. It is recommended to update Mirth Connect, especially instances that are publicly accessible over the internet, as soon as possible to mitigate potential threats.
