Mindbreeze InSpire Vulnerabilities

This page lists known security vulnerabilities found in Mindbreeze InSpire. The article titles contain the Mindbreeze issue number and, in the case of third-party software, the official CVE number. Information about the affected components, severity level, current status and how to prevent the issue as well as hotfix information if applicable, can be found on the detail pages. You can also use the full text search to find specific vulnerabilities.

If you have found a possible security vulnerability, please contact Mindbreeze InSpire Support at support@mindbreeze.com providing detailed information about the problem found.

Vulnerabilities

Security update of the Kerberos assistant (MINDBREEZE32736)

ID: MINDBREEZE32736 Affected Components: Mindbreeze  InSpire, Mindbreeze InSpire SaaS  Severity: 4.5 medium Status: Final First published: -CVEs: MINDBREEZE32736 SummaryMissing HTML escaping in MMC Kerberos configuration may allow script execution in the browser window  Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire Release 24.6 Hotfix 1 Mindbreeze InSpire Saas Release 24.6 Hotfix 1 
Read more about Security update of the Kerberos assistant (MINDBREEZE32736)

app.telemetry Security Update (MINDBREEZE32732)

ID: MINDBREEZE32732 Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS  Severity: 6.8 Medium Status: Final CVEs: PDO15041 SummaryXSS in app.telemetry Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire Release 24.6 HF1 Mindbreeze InSpire SaaS Release 24.6 HF1 
Read more about app.telemetry Security Update (MINDBREEZE32732)

CoreOS Security Update (MINDBREEZE32644)

ID: MINDBREEZE32644 Affected Components: Mindbreeze  InSpire, Mindbreeze InSpire SaaS  Severity: 8.6 High Status: Final First published: December 2, 2024CVEs: CVE-2024-32487, RH-CVE-2280317 Summaryless: OS command injection kernel: slab-out-of-bounds in hex_dump_to_buffer Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire Release 24.7 Mindbreeze InSpire Saas Release 24.7 
Read more about CoreOS Security Update (MINDBREEZE32644)

Keycloak Update (MINDBREEZE32592)

ID: MINDBREEZE32592 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS  Severity: 7.7 High Status: Final First published: December 2, 2024 CVEs: CVE-2023-6841, CVE-2024-7341, CVE-2024-8698, CVE-2024-4629 
Read more about Keycloak Update (MINDBREEZE32592)

Chromium Security Update (MINDBREEZE32590)

ID: MINDBREEZE32590 Affected Components: Mindbreeze  InSpire, Mindbreeze InSpire SaaS  Severity: 6.8 Medium Status: Final First published: December 2, 2024CVEs: CVE-2024-7969, CVE-2024-8193, CVE-2024-8194, CVE-2024-8198, CVE-2024-8362, CVE-2024-7970, CVE-2024-8636, CVE-2024-8637, CVE-2024-8638, CVE-2024-8639, CVE-2024-8904, CVE-2024-8905, CVE-2024-8906, CVE-2024-8907, CVE-2024-8908, CVE-2024-8909, CVE-2024-9120, CVE-2024-9121, CVE-2024-9122, CVE-2024-9123, CVE-2024-7025, CVE-2024-9369, CVE-2024-9370, CVE-2024-9602, CVE-2024-9603 
Read more about Chromium Security Update (MINDBREEZE32590)

Microsoft File Connector information disclosure fix handling of Deny Rules in case of disabled local group resolution (MINDBREEZE32554)

ID: MINDBREEZE32554 Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire G7 Remote Connector  Severity: Critical  Status: Final First published: October 10, 2024 CVEs: MINDBREEZE32554 SummaryFix a problem with Microsoft File Connector if Deny Rules are used with disabled local group resolution which could lead to information disclosure in the search. Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises: Mindbreeze InSpire 24.5 HF2 
Read more about Microsoft File Connector information disclosure fix handling of Deny Rules in case of disabled local group resolution (MINDBREEZE32554)

Security Update for Dell iDRAC and Firmware (MINDBREEZE32328)

ID: MINDBREEZE32328 Affected Components: Mindbreeze InSpire SaaS, Mindbreeze InSpire  Severity: 8.1 High Status: Final First published: October 10, 2024 CVEs: CVE-2024-6387, CVE-2024-22374, CVE-2024-24853, CVE-2024-24980 
Read more about Security Update for Dell iDRAC and Firmware (MINDBREEZE32328)

Tomcat update 9.0.95+ (CVE-2024-34750, not affected, CVE-2024-38286 high, affected) (MINDBREEZE32159)

ID: MINDBREEZE32159 Affected Components: Mindbreeze  InSpire, Mindbreeze InSpire SaaS  Severity: 7.5 High Status: Final First published: December 2, 2024CVEs: CVE-2024-38286 SummaryA vulnerability was found in Tomcat. Under certain configurations on any platform, this flaw allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 
Read more about Tomcat update 9.0.95+ (CVE-2024-34750, not affected, CVE-2024-38286 high, affected) (MINDBREEZE32159)

Bootstrap security update to version 5 (MINDBREEZE32146)

ID: MINDBREEZE32146 Affected Components: Mindbreeze InSpire Severity: Medium 6.4 Status: Final First published: October 10, 2024 CVEs: CVE-2024-6484, CVE-2024-6531 
Read more about Bootstrap security update to version 5 (MINDBREEZE32146)

Axios and undescore security update (MINDBREEZE32145)

ID: MINDBREEZE32145 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: High 7.5 Status: Final First published: October 10, 2024 CVEs: CVE-2021-3749, CVE-2021-23358,  CVE-2022-31129, CVE-2020-28168,  CVE-2023-45857 Summaryaxios Inefficient Regular Expression Complexity vulnerabilityAxios vulnerable to Server-Side Request ForgeryAxios Cross-Site Request Forgery VulnerabilityArbitrary Code Execution in underscore Hotfix Information 
Read more about Axios and undescore security update (MINDBREEZE32145)