all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Mirth Connect 4.4.0 Remote Command Execution

Add to bookmarks
Jan. 31, 2024, 4:33 p.m. |

Packet Storm packetstormsecurity.com

A vulnerability exists within Mirth Connect due to its mishandling of deserialized data. This vulnerability can be leveraged by an attacker using a crafted HTTP request to execute OS commands within the context of the target application. The original vulnerability was identified by IHTeam and assigned CVE-2023-37679. Later, researchers from Horizon3.ai determined the patch to be incomplete and published a gadget chain which bypassed the deny list that the original had implemented. This second vulnerability was assigned CVE-2023-43208 and was …

application attacker can command connect context cve data horizon3 horizon3.ai http mirth connect patch remote command execution request researchers target vulnerability

Visit resource

More from packetstormsecurity.com / Packet Storm

Debian Security Advisory 5676-1 17 hours ago | packetstormsecurity.com
advisory arbitrary code chromium code +13
Ubuntu Security Notice USN-6747-2 17 hours ago | packetstormsecurity.com
attacker denial of service domains exploit +16
htmlLawed 1.2.5 Remote Command Execution 17 hours ago | packetstormsecurity.com
command concept exploit proof +1
Red Hat Security Advisory 2024-2651-03 17 hours ago | packetstormsecurity.com
advisory denial of service enterprise linux +7
Red Hat Security Advisory 2024-2645-03 17 hours ago | packetstormsecurity.com
advisory enterprise linux red hat +5
1,400 GitLab Servers Impacted By Exploited Vulnerability 17 hours ago | packetstormsecurity.com
data loss exploited flaw gitlab +3
Hackers Compromised Dropbox eSignature Service 17 hours ago | packetstormsecurity.com
compromised dropbox flaw hacker +2
Hacker Free-For-All Fights For Control Of Home And Office Routers Everywhere 17 hours ago | packetstormsecurity.com
botnet control email free +6
REvil Ransomware Scum Gets 14 Years, $16 Million Fine 17 hours ago | packetstormsecurity.com
cryptography cybercrime fraud hacker +5

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Cloud Security Analyst

@ Cloud Peritus | Bengaluru, India
View on infosec-jobs.com

Cyber Program Manager - CISO- United States – Remote

@ Stanley Black & Decker | Towson MD USA - 701 E Joppa Rd Bg 700
View on infosec-jobs.com

Network Security Engineer (AEGIS)

@ Peraton | Virginia Beach, VA, United States
View on infosec-jobs.com

SC2022-002065 Cyber Security Incident Responder (NS) - MON 13 May

@ EMW, Inc. | Mons, Wallonia, Belgium
View on infosec-jobs.com

Information Systems Security Engineer

@ Booz Allen Hamilton | USA, GA, Warner Robins (300 Park Pl Dr)
View on infosec-jobs.com
View more jobs