CISA Known Exploited Vulnerability (KEV)
Vulnerability Name | Date Added | Due Date | Required Action |
---|---|---|---|
NextGen Healthcare Mirth Connect Deserialization of Untrusted Data Vulnerability | May 20, 2024 | June 10, 2024 | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. |
Description
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679.
Weakness Enumeration
CWE-ID | CWE Name |
---|---|
CWE-502 | Deserialization of Untrusted Data |