Possible SQL injection with special api.v2.search requests (MINDBREEZE23683)

ID: MINDBREEZE23683 
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS 
Severity: 7.6 High 
Status: Final 
First published: August 31, 2022 

Summary 

Possible SQL injection with special api.v2.search requests. 

Remediation 

Update to at least 22.1 Hotfix 2 or disable the task "Update app.telemetry dashboards"​​​​​​. 

Hotfix Information

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:

• Mindbreeze InSpire 22.1 Release Hotfix 2 (Version 22.1.2.1317) 

• Mindbreeze InSpire SaaS 22.1 Release Hotfix 2 (Version 22.1.2.1317)