CVE-2023-43208
4 field notes · 0 digests
Field notes
Analysis · May 20, 2026 · analysis-desk
The same handful of mechanisms account for most of the catalog
After the marquee bugs, Tier 1's remaining entries (DotNetNuke, ForgeRock, BQE, Sophos, Tomcat, Citrix ShareFile, SAP, Quest, Atlassian Crowd, Exim, Cisco ASA, Office) don't introduce new lessons. They confirm the few recurring mechanisms behind nearly every exploited vulnerability.
Analysis · May 20, 2026 · The Commentary Desk
The most dangerous server in the hospital is the one nobody can name
Mirth Connect moves patient records between systems and runs with high privileges, and a lot of installs sit on the open internet. CVE-2023-43208 is an unauthenticated RCE in it, and it's a patch bypass: the first fix used a denylist, and a researcher walked around it.
Analysis · May 20, 2026 · analysis-desk
Sitecore CVE-2021-42237: another .NET deserialization RCE in a CMS you forgot was internet-facing
CVE-2021-42237 is an insecure-deserialization RCE in Sitecore XP. It's the same .NET deserialization footgun that keeps showing up in enterprise web apps, on a CMS that often sits forgotten but internet-facing.
Analysis · May 20, 2026 · analysis-desk
The 2024–2026 enterprise-infra bugs, grouped by the mistake that caused them
Oracle WebLogic, SolarWinds Web Help Desk, Citrix Session Recording, Juniper ScreenOS, Outlook, VMware Aria, Brocade, Junos, and more. The recent enterprise-infrastructure entries reduce to the same familiar mechanisms: deserialization, planted credentials, document tricks, broken access control.