Mirth Connect, an open-source data integration platform used in healthcare organizations, has been found to have a critical remote code execution (RCE) vulnerability, CVE-2023-43208, that can be exploited without authentication. This vulnerability bypasses a previously disclosed RCE flaw (CVE-2023-37679) and affects all Mirth Connect installations, regardless of the Java version. Attackers could exploit this flaw to gain initial access or compromise sensitive healthcare data. A patch has been released in Mirth Connect version 4.4.1. Users are strongly advised to update to this version to mitigate the risk.
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.