Mindbreeze InSpire Vulnerabilities
This page lists known security vulnerabilities found in Mindbreeze InSpire. The article titles contain the Mindbreeze issue number and, in the case of third-party software, the official CVE number. The detail pages give the affected components, severity level, current status, how to prevent the issue and, if applicable, hotfix information. You can also use the full-text search to find specific vulnerabilities.
If you have found a possible security vulnerability, please contact Mindbreeze InSpire Support at support@mindbreeze.com, providing detailed information about the problem found.
Vulnerabilities
ID: MINDBREEZE32736
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 4.5 medium
Status: Final
First published: -
CVEs: MINDBREEZE32736
Summary: Missing HTML escaping in MMC Kerberos configuration may allow script execution in the browser window
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
    Mindbreeze InSpire Release 24.6 Hotfix 1
    Mindbreeze InSpire SaaS Release 24.6 Hotfix 1

ID: MINDBREEZE32732
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 6.8 Medium
Status: Final
CVEs: PDO15041
Summary: XSS in app.telemetry
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
    Mindbreeze InSpire Release 24.6 HF1
    Mindbreeze InSpire SaaS Release 24.6 HF1

ID: MINDBREEZE32554
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire G7 Remote Connector
Severity: Critical
Status: Final
First published: October 10, 2024
CVEs: MINDBREEZE32554
Summary: Fix a problem with Microsoft File Connector if Deny Rules are used with disabled local group resolution, which could lead to information disclosure in the search.
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises:
    Mindbreeze InSpire 24.5 HF2

ID: MINDBREEZE32328
Affected Components: Mindbreeze InSpire SaaS, Mindbreeze InSpire
Severity: 8.1 High
Status: Final
First published: October 10, 2024
CVEs: CVE-2024-6387, CVE-2024-22374, CVE-2024-24853, CVE-2024-24980

ID: MINDBREEZE32146
Affected Components: Mindbreeze InSpire
Severity: Medium 6.4
Status: Final
First published: October 10, 2024
CVEs: CVE-2024-6484, CVE-2024-6531

ID: MINDBREEZE32145
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: High 7.5
Status: Final
First published: October 10, 2024
CVEs: CVE-2021-3749, CVE-2021-23358, CVE-2022-31129, CVE-2020-28168, CVE-2023-45857
Summary:
    axios Inefficient Regular Expression Complexity vulnerability
    Axios vulnerable to Server-Side Request Forgery
    Axios Cross-Site Request Forgery Vulnerability
    Arbitrary Code Execution in underscore
Hotfix Information

ID: MINDBREEZE32044
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 7.4 HIGH
Status: Final
First published: September 04, 2024
CVEs: CVE-2024-21147, CVE-2024-21140, CVE-2024-21145, CVE-2024-21011, CVE-2024-21068, CVE-2024-21094, CVE-2024-21131, CVE-2024-21138

ID: MINDBREEZE32037
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 7.9 High
Status: Final
First published: October 10, 2024

ID: MINDBREEZE31787
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 6.1 MEDIUM
Status: Final
First published: September 04, 2024
CVEs: CVE-2016-10735, CVE-2018-20676, CVE-2018-20677
Summary:
    CVE-2016-10735 bootstrap XSS is possible in the data-target attribute
    CVE-2018-20676 bootstrap XSS is possible in the tooltip data-viewport attribute
    CVE-2018-20677 bootstrap XSS is possible in the affix configuration target property
Hotfix Information

ID: MINDBREEZE31715
Affected Components: Mindbreeze InSpire SaaS, Mindbreeze InSpire
Severity: 5.5 MEDIUM
Status: Final
First published: September 04, 2024
CVEs: CVE-2024-5830, CVE-2024-5831, CVE-2024-5832, CVE-2024-5833, CVE-2024-5834, CVE-2024-5837, CVE-2024-5838, CVE-2024-5839, CVE-2024-5840, CVE-2024-5841, CVE-2024-5845, CVE-2024-5846, CVE-2024-5847, CVE-2024-6100, CVE-2024-6101, CVE-2024-6102, CVE-2024-6103, CVE-2024-6290, CVE-2024-6291, CVE-2024-6292, CVE-2024-6293