Java Security Update (MINDBREEZE27627)

ID: MINDBREEZE27627 
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS 
Severity: 8.8 High 
Status: Final 
First published: October 20, 2023 
CVEs: CVE-2023-21930, CVE-2023-21967, CVE-2023-21937 

Summary

Java Security Update

• CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake
• CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation
• CVE-2023-21937 OpenJDK: missing string checks for NULL characters

Hotfix Information

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 

• Mindbreeze InSpire 23.4 Release 

• Mindbreeze InSpire SaaS 23.4 Release