2 matches found
CVE-2023-43208
NextGen Healthcare Mirth Connect (before 4.4.1) is affected by a deserialization of untrusted data vulnerability that allows unauthenticated remote code execution. Root cause: an incomplete patch of CVE-2023-37679 left a gadget chain bypassing the original deny list, enabling RCE via crafted HTTP...
CVE-2023-37679
CVE-2023-37679 / CVE-2023-43208 (NextGen HealthCare Mirth Connect) : Open-source data integration platform vulnerable to unauthenticated remote code execution due to improper/deserialization handling. Affects Mirth Connect versions prior to 4.4.1 (PoCs and advisories reference vulnerable ranges i...