Update commons-compress to 1.26.1; update bouncycastle to 1.78.1 (MINDBREEZE30411)

ID: MINDBREEZE30411 
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS   
Severity: MEDIUM 
Status: Final 
First published: September 04, 2024 
CVEs: CVE-2024-26308, CVE-2024-30171, CVE-2024-29857

Summary

  • CVE-2024-26308: commons-compress: Allocation of Resources Without Limits or Throttling
  • CVE-2024-30171: org.bouncycastle: Observable Discrepancy due to the timing difference between exceptions thrown when processing RSA key exchange handshakes (AKA Marvin)
  • CVE-2024-29857: Bouncy Castle: importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption

 

Hotfix Information 

Fixed in the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:

  • Mindbreeze InSpire SaaS 24.5 Release
  • Mindbreeze InSpire 24.5 Release