May 21, 2024 at 07:21AM CISA added a flaw in NextGen Healthcare’s Mirth Connect product, a widely used healthcare interface engine, to its KEV catalog. Tracked as CVE-2023-43208, the flaw can lead to unauthenticated remote code execution. A patch was released with Mirth Connect version 4.4.1. Microsoft reported ransomware attacks exploiting this and another flaw. … Read more
May 21, 2024 at 03:57AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw in NextGen Healthcare Mirth Connect to its Known Exploited Vulnerabilities catalog. The flaw allows for unauthenticated remote code execution due to insecure usage of Java XStream library. Federal agencies are required to update to patched versions by June … Read more
October 26, 2023 at 02:57PM Open source data integration platform Mirth Connect has a remote code execution vulnerability, according to cybersecurity firm Horizon3.ai. The vulnerability, tracked as CVE-2023-43208, bypasses a critical-severity flaw disclosed earlier and affects all Mirth Connect installations. A patch has been released, but the cybersecurity firm warns that the vulnerability is easily … Read more