Mindbreeze API Authentication Role Fixes (MINDBREEZE33949)

ID: MINDBREEZE33949 
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS 
Severity: High 
Status: Final 
First published: January 28, 2025 
CVEs: MINDBREEZE33949 

Summary 

Fixed incorrect privilege assignment on some API endpoints, which may allow access to restricted information. 

 

Hotfix Information 

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 

  • Mindbreeze InSpire 24.8 Hotfix 1 Release
  • Mindbreeze InSpire Saas 24.8 Hotfix 1 Release