Tomcat update 9.0.95+ (CVE-2024-34750, not affected, CVE-2024-38286 high, affected) (MINDBREEZE32159)

ID: MINDBREEZE32159 
Affected Components: Mindbreeze  InSpire, Mindbreeze InSpire SaaS  
Severity: 7.5 High 
Status: Final 
First published: December 2, 2024
CVEs: CVE-2024-38286 

Summary

A vulnerability was found in Tomcat. Under certain configurations on any platform, this flaw allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.

Hotfix Information 

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 

• Mindbreeze InSpire Release 24.7 
• Mindbreeze InSpire Saas Release 24.7