Mindbreeze InSpire Vulnerabilities

This page lists known security vulnerabilities found in Mindbreeze InSpire. The article titles contain the Mindbreeze issue number and, in the case of third-party software, the official CVE number. Information about the affected components, severity level, current status and how to prevent the issue as well as hotfix information if applicable, can be found on the detail pages. You can also use the full text search to find specific vulnerabilities.

If you have found a possible security vulnerability, please contact Mindbreeze InSpire Support at support@mindbreeze.com providing detailed information about the problem found.

Vulnerabilities

Security update of the Kerberos assistant (MINDBREEZE32736)

ID: MINDBREEZE32736 Affected Components: Mindbreeze  InSpire, Mindbreeze InSpire SaaS  Severity: 4.5 medium Status: Final First published: -CVEs: MINDBREEZE32736 SummaryMissing HTML escaping in MMC Kerberos configuration may allow script execution in the browser window  Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire Release 24.6 Hotfix 1 Mindbreeze InSpire Saas Release 24.6 Hotfix 1 
Read more about Security update of the Kerberos assistant (MINDBREEZE32736)

app.telemetry Security Update (MINDBREEZE32732)

ID: MINDBREEZE32732 Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS  Severity: 6.8 Medium Status: Final CVEs: PDO15041 SummaryXSS in app.telemetry Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire Release 24.6 HF1 Mindbreeze InSpire SaaS Release 24.6 HF1 
Read more about app.telemetry Security Update (MINDBREEZE32732)

CoreOS Security Update (MINDBREEZE32644)

ID: MINDBREEZE32644 Affected Components: Mindbreeze  InSpire, Mindbreeze InSpire SaaS  Severity: 8.6 High Status: Final First published: December 2, 2024CVEs: CVE-2024-32487, RH-CVE-2280317 Summaryless: OS command injection kernel: slab-out-of-bounds in hex_dump_to_buffer Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire Release 24.7 Mindbreeze InSpire Saas Release 24.7 
Read more about CoreOS Security Update (MINDBREEZE32644)

Keycloak Update (MINDBREEZE32592)

ID: MINDBREEZE32592 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS  Severity: 7.7 High Status: Final First published: December 2, 2024 CVEs: CVE-2023-6841, CVE-2024-7341, CVE-2024-8698, CVE-2024-4629 
Read more about Keycloak Update (MINDBREEZE32592)

Chromium Security Update (MINDBREEZE32590)

ID: MINDBREEZE32590 Affected Components: Mindbreeze  InSpire, Mindbreeze InSpire SaaS  Severity: 6.8 Medium Status: Final First published: December 2, 2024CVEs: CVE-2024-7969, CVE-2024-8193, CVE-2024-8194, CVE-2024-8198, CVE-2024-8362, CVE-2024-7970, CVE-2024-8636, CVE-2024-8637, CVE-2024-8638, CVE-2024-8639, CVE-2024-8904, CVE-2024-8905, CVE-2024-8906, CVE-2024-8907, CVE-2024-8908, CVE-2024-8909, CVE-2024-9120, CVE-2024-9121, CVE-2024-9122, CVE-2024-9123, CVE-2024-7025, CVE-2024-9369, CVE-2024-9370, CVE-2024-9602, CVE-2024-9603 
Read more about Chromium Security Update (MINDBREEZE32590)

CMP Timestamp Request Remote Date Disclosure (MINDBREEZE32672)

ID: MINDBREEZE32672 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS     Severity: Low Status: Final First published: December 20, 2024 CVEs: CVE-1999-0524 SummaryICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.    Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 
Read more about CMP Timestamp Request Remote Date Disclosure (MINDBREEZE32672)

Chromium Security Update (MINDBREEZE33366)

ID: MINDBREEZE33366 Affected Components: Mindbreeze InSpire SaaS, Mindbreeze InSpire    Severity: HighStatus: Final First published: December 20, 2024 CVEs: CVE-2024-9954, CVE-2024-9955, CVE-2024-9956, CVE-2024-9957, CVE-2024-9960, CVE-2024-9961, CVE-2024-9962, CVE-2024-9964, CVE-2024-9966, CVE-2024-10230, CVE-2024-10231, CVE-2024-11110, CVE-2024-11111, CVE-2024-11112, CVE-2024-11113, CVE-2024-11114, CVE-2024-11115, CVE-2024-11116, CVE-2024-11117, CVE-2024-10487, CVE-2024-10827
Read more about Chromium Security Update (MINDBREEZE33366)

Dell Firmware and BIOS Update (MINDBREEZE32589)

ID: MINDBREEZE32589 Affected Components: Mindbreeze InSpire SaaS, Mindbreeze InSpire   Severity: 8.8 High Status: Final First published: December 20, 2024 CVEs: CVE-2024-38303, CVE-2024-38304, CVE-2024-21829, CVE-2024-21781, CVE-2023-43753, CVE-2024-23599, CVE-2024-23984, CVE-2024-21820, CVE-2024-23918, CVE-2024-27457 
Read more about Dell Firmware and BIOS Update (MINDBREEZE32589)

Core OS 40 Update (MINDBREEZE33285)

ID: MINDBREEZE33285 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS    Severity: Medium  Status: Final First published: December 20, 2024 CVEs: CVE-2024-45306 SummaryA heap-buffer overflow in Vim   Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire SaaS Release 24.8  Mindbreeze InSpire 24.8 Release 
Read more about Core OS 40 Update (MINDBREEZE33285)

Microsoft File Connector information disclosure fix handling of Deny Rules in case of disabled local group resolution (MINDBREEZE32554)

ID: MINDBREEZE32554 Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire G7 Remote Connector  Severity: Critical  Status: Final First published: October 10, 2024 CVEs: MINDBREEZE32554 SummaryFix a problem with Microsoft File Connector if Deny Rules are used with disabled local group resolution which could lead to information disclosure in the search. Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises: Mindbreeze InSpire 24.5 HF2 
Read more about Microsoft File Connector information disclosure fix handling of Deny Rules in case of disabled local group resolution (MINDBREEZE32554)