Mindbreeze InSpire Vulnerabilities

This page lists known security vulnerabilities found in Mindbreeze InSpire. The article titles contain the Mindbreeze issue number and, in the case of third-party software, the official CVE number. Information about the affected components, severity level, current status and how to prevent the issue as well as hotfix information if applicable, can be found on the detail pages. You can also use the full text search to find specific vulnerabilities.

If you have found a possible security vulnerability, please contact Mindbreeze InSpire Support at support@mindbreeze.com providing detailed information about the problem found.

Vulnerabilities

ID: MINDBREEZE31126 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 7.5 High Status: Final First published: May 24, 2024 CVEs: CVE-2024-4367 SummaryA type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. Hotfix InformationFixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire 24.3 Hotfix 1 Release Mindbreeze InSpire SaaS 24.3 Hotfix 1 Release 
ID: MINDBREEZE30948 Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS Severity: 6.5 Medium Status: Final First published: May 15, 2024 CVEs: MINDBREEZE30947 SummaryInsight App Designer XSS and Apps: via Inclusion of External Script via URL Parameter Hotfix InformationFixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire 24.2 Hotfix 1 Release Mindbreeze InSpire SaaS 24.2 Hotfix 1 Release 
ID: MINDBREEZE30947 Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS Severity: 6.5 Medium Status: Final First published: May 15, 2024 CVEs: MINDBREEZE30947 SummaryMINDBREEZE30947 Client Service Redirection Vulnerability via URL Parameter Hotfix InformationFixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire 24.2 Hotfix 1 Release Mindbreeze InSpire SaaS 24.2 Hotfix 1 Release 
ID: MINDBREEZE30802 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 7.9 High Status: Final First published: May 28, 2024 CVEs: CVE-2024-0172, CVE-2024-0154, CVE-2024-0173, CVE-2023-22655, CVE-2024-0161, CVE-2024-0162,  CVE-2024-0163, CVE-2022-21233, CVE-2021-33060 
ID: MINDBREEZE30717 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 8.8 High Status: Final First published: May 28, 2024 CVEs: CVE-2024-2625, CVE-2024-2626, CVE-2024-2627, CVE-2024-2883, CVE-2024-2885, CVE-2024-2886, CVE-2024-2887, CVE-2024-3157, CVE-2024-3516, CVE-2024-3515, CVE-2024-3832, CVE-2024-3833, CVE-2024-3914, CVE-2024-3837, CVE-2024-3839, CVE-2024-3840, CVE-2024-3845, CVE-2024-3846, CVE-2024-3847 
ID: MINDBREEZE30717 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 8.4 High Status: Final First published: May 28, 2024 CVEs: CVE-2023-48795, CVE-2023-6246, CVE-2023-6779, CVE-2023-6780, CVE-2023-50495, CVE-2023-6111, CVE-2023-2602, CVE-2023-2603, CVE-2023-48795, CVE-2023-51385 
ID: MINDBREEZE30280 Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS Severity: 7.2 High Status: Final First published: March 18, 2024 CVEs: CVE-2024-1060 CVE-2024-1077 CVE-2024-1284 CVE-2024-1283 CVE-2024-1669 CVE-2024-1670 CVE-2024-1671 CVE-2024-1672 CVE-2024-1674 CVE-2024-1676 SummarySecurity Update Chromium Component
ID: MINDBREEZE30237 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 8.4 High Status: Final First published: May 28, 2024 CVEs: CVE-2023-42465, CVE-2024-1086, CVE-2024-23851, CVE-2024-26585, CVE-2024-26582, CVE-2024-26584, CVE-2024-26583, CVE-2024-26603, CVE-2024-26604, CVE-2024-26606, CVE-2024-2905 
ID: MINDBREEZE30001 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 5.9 Medium Status: Final First published: March 18, 2024 CVEs: CVE-2023-52323 Summarypycryptodome: side-channel leakage for OAEP decryption in PyCryptodome and pycryptodomex Hotfix InformationFixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire 24.1 Release Mindbreeze InSpire SaaS 24.1 Release 
ID: MINDBREEZE29950 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 8.8 High Status: Final First published: March 18, 2024 CVEs: CVE-2023-7024 CVE-2024-0222 CVE-2024-0223 CVE-2024-0224 CVE-2023-7024 CVE-2024-0807 CVE-2024-0812 CVE-2024-0808 CVE-2024-0810 CVE-2024-0517 CVE-2024-0518 CVE-2024-0519 SummarySecurity Update Chromium Component