Mindbreeze InSpire Vulnerabilities

This page lists known security vulnerabilities found in Mindbreeze InSpire. The article titles contain the Mindbreeze issue number and, in the case of third-party software, the official CVE number. Information about the affected components, severity level, current status and how to prevent the issue as well as hotfix information if applicable, can be found on the detail pages. You can also use the full text search to find specific vulnerabilities.

If you have found a possible security vulnerability, please contact Mindbreeze InSpire Support at support@mindbreeze.com providing detailed information about the problem found.

Vulnerabilities

OpenSSH Security Update (MINDBREEZE31597)

ID: MINDBREEZE31597 Affected Components: Mindbreeze InSpire <= 24.3 Hotfix 1 Severity: 8.1 High Status: Final First published: July 3, 2024 CVEs: CVE-2024-6387 SummaryA security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Read more about OpenSSH Security Update (MINDBREEZE31597)

Arbitrary JavaScript execution in PDF.js (MINDBREEZE31126)

ID: MINDBREEZE31126 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 7.5 High Status: Final First published: May 24, 2024 CVEs: CVE-2024-4367 SummaryA type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. Hotfix InformationFixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire 24.3 Hotfix 1 Release Mindbreeze InSpire SaaS 24.3 Hotfix 1 Release 
Read more about Arbitrary JavaScript execution in PDF.js (MINDBREEZE31126)

Insight App Designer and Apps Overview: XSS via Inclusion of External Script (MINDBREEZE30948)

ID: MINDBREEZE30948 Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS Severity: 6.5 Medium Status: Final First published: May 15, 2024 CVEs: MINDBREEZE30947 SummaryInsight App Designer XSS and Apps: via Inclusion of External Script via URL Parameter Hotfix InformationFixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire 24.2 Hotfix 1 Release Mindbreeze InSpire SaaS 24.2 Hotfix 1 Release 
Read more about Insight App Designer and Apps Overview: XSS via Inclusion of External Script (MINDBREEZE30948)

Client Service Redirection Vulnerability (MINDBREEZE30947)

ID: MINDBREEZE30947 Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS Severity: 6.5 Medium Status: Final First published: May 15, 2024 CVEs: MINDBREEZE30947 SummaryMINDBREEZE30947 Client Service Redirection Vulnerability via URL Parameter Hotfix InformationFixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire 24.2 Hotfix 1 Release Mindbreeze InSpire SaaS 24.2 Hotfix 1 Release 
Read more about Client Service Redirection Vulnerability (MINDBREEZE30947)

Dell Firmware and BIOS Update (MINDBREEZE30802)

ID: MINDBREEZE30802 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 7.9 High Status: Final First published: May 28, 2024 CVEs: CVE-2024-0172, CVE-2024-0154, CVE-2024-0173, CVE-2023-22655, CVE-2024-0161, CVE-2024-0162,  CVE-2024-0163, CVE-2022-21233, CVE-2021-33060 
Read more about Dell Firmware and BIOS Update (MINDBREEZE30802)

CoreOS Security Update (MINDBREEZE29833)

ID: MINDBREEZE30717 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 8.4 High Status: Final First published: May 28, 2024 CVEs: CVE-2023-48795, CVE-2023-6246, CVE-2023-6779, CVE-2023-6780, CVE-2023-50495, CVE-2023-6111, CVE-2023-2602, CVE-2023-2603, CVE-2023-48795, CVE-2023-51385 
Read more about CoreOS Security Update (MINDBREEZE29833)

Chromium Security Update (MINDBREEZE30717)

ID: MINDBREEZE30717 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 8.8 High Status: Final First published: May 28, 2024 CVEs: CVE-2024-2625, CVE-2024-2626, CVE-2024-2627, CVE-2024-2883, CVE-2024-2885, CVE-2024-2886, CVE-2024-2887, CVE-2024-3157, CVE-2024-3516, CVE-2024-3515, CVE-2024-3832, CVE-2024-3833, CVE-2024-3914, CVE-2024-3837, CVE-2024-3839, CVE-2024-3840, CVE-2024-3845, CVE-2024-3846, CVE-2024-3847 
Read more about Chromium Security Update (MINDBREEZE30717)

Security Update Chromium Component (MINDBREEZE30280)

ID: MINDBREEZE30280 Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS Severity: 7.2 High Status: Final First published: March 18, 2024 CVEs: CVE-2024-1060 CVE-2024-1077 CVE-2024-1284 CVE-2024-1283 CVE-2024-1669 CVE-2024-1670 CVE-2024-1671 CVE-2024-1672 CVE-2024-1674 CVE-2024-1676 SummarySecurity Update Chromium Component
Read more about Security Update Chromium Component (MINDBREEZE30280)

CoreOS Security Update (MINDBREEZE30237)

ID: MINDBREEZE30237 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 8.4 High Status: Final First published: May 28, 2024 CVEs: CVE-2023-42465, CVE-2024-1086, CVE-2024-23851, CVE-2024-26585, CVE-2024-26582, CVE-2024-26584, CVE-2024-26583, CVE-2024-26603, CVE-2024-26604, CVE-2024-26606, CVE-2024-2905 
Read more about CoreOS Security Update (MINDBREEZE30237)

Python Security Update (MINDBREEZE30001)

ID: MINDBREEZE30001 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 5.9 Medium Status: Final First published: March 18, 2024 CVEs: CVE-2023-52323 Summarypycryptodome: side-channel leakage for OAEP decryption in PyCryptodome and pycryptodomex Hotfix InformationFixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire 24.1 Release Mindbreeze InSpire SaaS 24.1 Release 
Read more about Python Security Update (MINDBREEZE30001)