Mindbreeze InSpire Vulnerabilities

This page lists known security vulnerabilities found in Mindbreeze InSpire. The article titles contain the Mindbreeze issue number and, in the case of third-party software, the official CVE number. The detail pages give the affected components, severity level, current status, how to prevent the issue and, if applicable, hotfix information. You can also use the full-text search to find specific vulnerabilities.

If you have found a possible security vulnerability, please contact Mindbreeze InSpire Support at support@mindbreeze.com, providing detailed information about the problem found.

Vulnerabilities

ID: MINDBREEZE33995
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 8.2 High
Status: Final
CVEs: MINDBREEZE33995
Summary: Fixed: Possible stored XSS attacks within unescaped mustache templates
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire 24.8 Hotfix 2 Release, Mindbreeze InSpire SaaS 24.8 Hotfix 2 Release

ID: MINDBREEZE33992
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: Critical
Status: Final
First published: January 28, 2025
CVEs: MINDBREEZE33992
Summary: The WebPageThumbnailer thumbnail destination URL can be overwritten via custom metadata, which is not further validated and can lead to potential unintended local network access.
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:

ID: MINDBREEZE33949
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: High
Status: Final
First published: January 28, 2025
CVEs: MINDBREEZE33949
Summary: Fixed incorrect privilege assignment on some API endpoints, which may allow access to restricted information.
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire 24.8 Hotfix 1 Release, Mindbreeze InSpire SaaS 24.8 Hotfix 1 Release

ID: MINDBREEZE33815
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 6.8 Medium
Status: Final
CVEs: CVE-2024-11395, CVE-2024-12053, CVE-2024-12381, CVE-2024-12692, CVE-2024-12693, CVE-2024-12694, CVE-2024-12695, CVE-2025-0434, CVE-2025-0435, CVE-2025-0436, CVE-2025-0437, CVE-2025-0438, CVE-2025-0439, CVE-2025-0441, CVE-2025-0442, CVE-2025-0447, CVE-2025-0448, CVE-2025-0291, CVE-2025-0611, CVE-2025-0612

ID: MINDBREEZE32736
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 4.5 Medium
Status: Final
CVEs: MINDBREEZE32736
Summary: Missing HTML escaping in MMC Kerberos configuration may allow script execution in the browser window
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire 24.6 Hotfix 1 Release, Mindbreeze InSpire SaaS 24.6 Hotfix 1 Release

ID: MINDBREEZE32732
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 6.8 Medium
Status: Final
CVEs: PDO15041
Summary: XSS in app.telemetry
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire 24.6 HF1 Release, Mindbreeze InSpire SaaS 24.6 HF1 Release

ID: MINDBREEZE32690
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 7.3 Medium
Status: Final
CVEs: CVE-2024-50067
Summary: kernel: uprobe: avoid out-of-bounds memory access of fetching args
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire 25.1 Release, Mindbreeze InSpire SaaS 25.1 Release

ID: MINDBREEZE32644
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 8.6 High
Status: Final
First published: December 2, 2024
CVEs: CVE-2024-32487, RH-CVE-2280317
Summary: less: OS command injection; kernel: slab-out-of-bounds in hex_dump_to_buffer
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire 24.7 Release, Mindbreeze InSpire SaaS 24.7 Release

ID: MINDBREEZE32592
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 7.7 High
Status: Final
First published: December 2, 2024
CVEs: CVE-2023-6841, CVE-2024-7341, CVE-2024-8698, CVE-2024-4629

ID: MINDBREEZE32590
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 6.8 Medium
Status: Final
First published: December 2, 2024
CVEs: CVE-2024-7969, CVE-2024-8193, CVE-2024-8194, CVE-2024-8198, CVE-2024-8362, CVE-2024-7970, CVE-2024-8636, CVE-2024-8637, CVE-2024-8638, CVE-2024-8639, CVE-2024-8904, CVE-2024-8905, CVE-2024-8906, CVE-2024-8907, CVE-2024-8908, CVE-2024-8909, CVE-2024-9120, CVE-2024-9121, CVE-2024-9122, CVE-2024-9123, CVE-2024-7025, CVE-2024-9369, CVE-2024-9370, CVE-2024-9602, CVE-2024-9603