Update XercesImpl to 2.12.2 (MINDBREEZE30136)
ID: MINDBREEZE30136
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 5.5 MEDIUM
Status: Final
First published: September 04, 2024
CVEs: CVE-2012-0881, CVE-2013-4002, CVE-2009-2625, CVE-2020-14338
Summary
- CVE-2012-0881 Xerces2 denial of service (CPU consumption)
- CVE-2013-4002 Xerces2 denial of service via XML attribute names
- CVE-2009-2625 Xerces2 denial of service (infinite loop and application hang) via malformed XML input
- CVE-2020-14338 Xerces2 XMLSchemaValidator manipulation of the validation process
Hotfix Information
Fixed in the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
- Mindbreeze InSpire SaaS 24.5 Release
- Mindbreeze InSpire 24.5 Release