CISA adds NextGen Healthcare Mirth Connect flaw to its Known Exploited Vulnerabilities catalog

Pierluigi Paganini May 21, 2024

CISA adds NextGen Healthcare Mirth Connect deserialization of untrusted data vulnerability to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA)  a NextGen Healthcare Mirth Connect vulnerability to its .

The issue, tracked as , is a Deserialization of Untrusted Data Vulnerability.

Deserialization of untrusted data vulnerability is a security flaw that occurs when an application deserializes data from an untrusted source without properly validating or sanitizing it. Deserialization is the process of converting serialized data (data formatted for storage or transmission) back into an object or data structure that a program can use.

The flaw impacts NextGen Healthcare Mirth Connect before version 4.4.1, an unauthenticated remote attacker can trigger the issue to achieve code execution.

US CISA also addressed recently disclosed Google Chromium V8 Type Confusion Vulnerability (CVE-2024-4947).

The vulnerability CVE-2024-4947 is a type confusion that resides in V8 JavaScript engine. The vulnerability was reported by Vasily Berdnikov (@vaber_b) and Boris Larin (@oct0xor) of Kaspersky on May 13, 2024.

“Google is aware that an exploit for CVE-2024-4947 exists in the wild,” reads the  published by Google.

According to , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts recommend also private organizations review the  and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix these vulnerabilities by June 10, 2024.

Follow me on Twitter:  and  and Mastodon

(SecurityAffairs – hacking, CISA)



you might also like

leave a comment