Mindbreeze InSpire Vulnerabilities

This page lists known security vulnerabilities found in Mindbreeze InSpire. The article titles contain the Mindbreeze issue number and, in the case of third-party software, the official CVE number. Information about the affected components, severity level, current status and how to prevent the issue as well as hotfix information if applicable, can be found on the detail pages. You can also use the full text search to find specific vulnerabilities.

If you have found a possible security vulnerability, please contact Mindbreeze InSpire Support at support@mindbreeze.com providing detailed information about the problem found.

Vulnerabilities

Security update of the Kerberos assistant (MINDBREEZE32736)

ID: MINDBREEZE32736 Affected Components: Mindbreeze  InSpire, Mindbreeze InSpire SaaS  Severity: 4.5 medium Status: Final First published: -CVEs: MINDBREEZE32736 SummaryMissing HTML escaping in MMC Kerberos configuration may allow script execution in the browser window  Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire Release 24.6 Hotfix 1 Mindbreeze InSpire Saas Release 24.6 Hotfix 1 
Read more about Security update of the Kerberos assistant (MINDBREEZE32736)

Microsoft File Connector information disclosure fix handling of Deny Rules in case of disabled local group resolution (MINDBREEZE32554)

ID: MINDBREEZE32554 Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire G7 Remote Connector  Severity: Critical  Status: Final First published: October 10, 2024 CVEs: MINDBREEZE32554 SummaryFix a problem with Microsoft File Connector if Deny Rules are used with disabled local group resolution which could lead to information disclosure in the search. Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 
Read more about Microsoft File Connector information disclosure fix handling of Deny Rules in case of disabled local group resolution (MINDBREEZE32554)

Security Update for Dell iDRAC and Firmware (MINDBREEZE32328)

ID: MINDBREEZE32328 Affected Components: Mindbreeze InSpire SaaS, Mindbreeze InSpire  Severity: 8.1 High Status: Final First published: October 10, 2024 CVEs: CVE-2024-6387, CVE-2024-22374, CVE-2024-24853, CVE-2024-24980 
Read more about Security Update for Dell iDRAC and Firmware (MINDBREEZE32328)

Bootstrap security update to version 5 (MINDBREEZE32146)

ID: MINDBREEZE32146Affected Components: Mindbreeze InSpire  Severity: Medium 6.4 Status: Final First published: October 10, 2024   CVEs: CVE-2024-6484, CVE-2024-6531 
Read more about Bootstrap security update to version 5 (MINDBREEZE32146)

Updated OpenJDK to Version 1.8.0.422 (MINDBREEZE32044)

ID: MINDBREEZE32044 Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS Severity: 7.4 HIGH Status: Final First published: September 04, 2024 CVEs: CVE-2024-21147 CVE-2024-21140 CVE-2024-21145 CVE-2024-21011 CVE-2024-21068 CVE-2024-21094 CVE-2024-21131 CVE-2024-21138 
Read more about Updated OpenJDK to Version 1.8.0.422 (MINDBREEZE32044)

Update/Patch bootstrap.js inside /apps/lib/ (CVE-2016-10735,CVE-2018-20676,CVE-2018-20677, MEDIUM) (MINDBREEZE31787)

ID: MINDBREEZE31787 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS   Severity: 6.1 MEDIUM Status: Final First published: September 04, 2024 CVEs: CVE-2016-10735 CVE-2018-20676 CVE-2018-20677 SummaryCVE-2016-10735 bootstrap XSS is possible in the data-target attributeCVE-2018-20676 bootstrap XSS is possible in the tooltip data-viewport attributeCVE-2018-20677 bootstrap XSS is possible in the affix configuration target property  Hotfix Information 
Read more about Update/Patch bootstrap.js inside /apps/lib/ (CVE-2016-10735,CVE-2018-20676,CVE-2018-20677, MEDIUM) (MINDBREEZE31787)

Chromium Security Update 126.0.6478.126 (MINDBREEZE31715)

ID: MINDBREEZE31715 Affected Components: Mindbreeze InSpire SaaS, Mindbreeze InSpire   Severity: 5.5 MEDIUM Status: Final First published: September 04, 2024 CVEs: CVE-2024-5830,CVE-2024-5831,CVE-2024-5832,CVE-2024-5833,CVE-2024-5834,CVE-2024-5837,CVE-2024-5838,CVE-2024-5839,CVE-2024-5840,CVE-2024-5841,CVE-2024-5845,CVE-2024-5846,CVE-2024-5847,CVE-2024-6100,CVE-2024-6101,CVE-2024-6102,CVE-2024-6103,CVE-2024-6290,CVE-2024-6291,CVE-2024-6292,CVE-2024-6293  
Read more about Chromium Security Update 126.0.6478.126 (MINDBREEZE31715)

Dell iDRAC security update (MINDBREEZE31703)

ID: MINDBREEZE31703  Affected Components: Mindbreeze InSpire SaaS, Mindbreeze InSpire  Severity: 7.6 High Status: Final First published: September 04, 2024 CVEs: CVE-2024-25943, CVE-2024-21823  Summarysession hijacking vulnerability in IPMIkernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application    Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 
Read more about Dell iDRAC security update (MINDBREEZE31703)

OpenSSH Security Update (MINDBREEZE31597)

ID: MINDBREEZE31597  Affected Components: Mindbreeze InSpire <= 24.3 Hotfix 1 Severity: 8.1 High Status: Final First published: September 04, 2024 CVEs: CVE-2024-6387 SummaryA security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Read more about OpenSSH Security Update (MINDBREEZE31597)

OpenSSH Security Update (MINDBREEZE31597)

ID: MINDBREEZE31597 Affected Components: Mindbreeze InSpire <= 24.3 Hotfix 1 Severity: 8.1 High Status: Final First published: July 3, 2024 CVEs: CVE-2024-6387 SummaryA security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Read more about OpenSSH Security Update (MINDBREEZE31597)