May 29, 2024 at 02:10PM A critical vulnerability in Fortinet’s FortiSIEM product, CVE-2024-23108, poses a significant risk for potential exploitation. Dubbed “NodeZero” by researchers at Horizon3AI, the exploit enables unauthorized remote code execution on vulnerable appliances. Users of affected versions should patch immediately to mitigate the risk and prevent compromise. Based on the meeting notes, … Read more
May 21, 2024 at 07:21AM CISA added a flaw in NextGen Healthcare’s Mirth Connect product, a widely used healthcare interface engine, to its KEV catalog. Tracked as CVE-2023-43208, the flaw can lead to unauthenticated remote code execution. A patch was released with Mirth Connect version 4.4.1. Microsoft reported ransomware attacks exploiting this and another flaw. … Read more
March 26, 2024 at 06:42AM The US cybersecurity agency, CISA, warns about the exploitation of CVE-2023-48788, a critical SQL injection bug affecting Fortinet’s FortiClient EMS. Patches have been released, and the vulnerability has been added to CISA’s Known Exploited Vulnerabilities catalog. Concerns also extend to another vulnerability, CVE-2021-44529, affecting Ivanti Endpoint Manager. (Words: 50) Based … Read more
October 26, 2023 at 02:57PM Open source data integration platform Mirth Connect has a remote code execution vulnerability, according to cybersecurity firm Horizon3.ai. The vulnerability, tracked as CVE-2023-43208, bypasses a critical-severity flaw disclosed earlier and affects all Mirth Connect installations. A patch has been released, but the cybersecurity firm warns that the vulnerability is easily … Read more
October 25, 2023 at 02:36AM Virtualization services provider VMware has alerted customers to a proof-of-concept exploit for a recently patched security flaw in Aria Operations for Logs. The vulnerability, tracked as CVE-2023-34051, allows for authentication bypass and remote code execution. A PoC for the vulnerability has been made available, prompting VMware to revise its advisory. … Read more