The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a NextGen Healthcare Mirth Connect vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
The issue, tracked as , is an improper access control vulnerability in Apache Flink.
Apache Flink contains an improper access control vulnerability that allows an attacker to read any file on the local filesystem of the JobManager through its REST interface.
An improper access control vulnerability occurs when an application or system does not adequately restrict user permissions, allowing unauthorized users to access resources, perform actions, or obtain data they should not be able to. This type of vulnerability can lead to unauthorized access, data breaches, and other security issues.
According to , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend that private organizations review the catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix these vulnerabilities by June 13, 2024.
(SecurityAffairs – hacking, Apache Flink)