This page aggregates publicly disclosed CVE and security risk information related to nextgen, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-43208 KEV | NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679. | [email protected] | 9.8 | 94.42% | 2023-10-26 | 2025-10-31 |
| CVE-2023-37679 | A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server. | [email protected] | 9.8 | 93.44% | 2023-08-03 | 2024-11-21 |