Mindbreeze InSpire Vulnerabilities

This page lists known security vulnerabilities found in Mindbreeze InSpire. The article titles contain the Mindbreeze issue number and, in the case of third-party software, the official CVE number. The detail pages give the affected components, severity level, current status and how to prevent the issue, as well as hotfix information if applicable. You can also use the full text search to find specific vulnerabilities.

If you have found a possible security vulnerability, please contact Mindbreeze InSpire Support at support@mindbreeze.com and provide detailed information about the problem found.

Vulnerabilities

ID: MINDBREEZE31597
Affected Components: Mindbreeze InSpire <= 24.3 Hotfix 1
Severity: 8.1 High
Status: Final
First published: July 3, 2024
CVEs: CVE-2024-6387
Summary: A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

ID: MINDBREEZE31126
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 7.5 High
Status: Final
First published: May 24, 2024
CVEs: CVE-2024-4367
Summary: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context.
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
    Mindbreeze InSpire 24.3 Hotfix 1 Release
    Mindbreeze InSpire SaaS 24.3 Hotfix 1 Release

ID: MINDBREEZE31126
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 7.5 High
Status: Final
First published: July 31, 2024
CVEs: CVE-2024-4367
Summary: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context.
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:

ID: MINDBREEZE31048
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: Medium
Status: Final
First published: July 31, 2024
CVEs: CVE-2024-4058, CVE-2024-4059, CVE-2024-4060, CVE-2024-4368, CVE-2024-4558, CVE-2024-4559, CVE-2024-4947, CVE-2024-4948, CVE-2024-4949, CVE-2024-4761, CVE-2024-4671, CVE-2024-5157, CVE-2024-5158, CVE-2024-5159, CVE-2024-5160, CVE-2024-5274, CVE-2024-5494, CVE-2024-5495, CVE-2024-5496, CVE-2024-5498, CVE-2024-5499

ID: MINDBREEZE30948
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 6.5 Medium
Status: Final
First published: July 31, 2024
CVEs: MINDBREEZE30948
Summary: Insight App Designer XSS and Apps: via Inclusion of External Script via URL Parameter
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
    Mindbreeze InSpire 24.2 Hotfix 1 Release
    Mindbreeze InSpire SaaS 24.2 Hotfix 1 Release

ID: MINDBREEZE30948
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 6.5 Medium
Status: Final
First published: May 15, 2024
CVEs: MINDBREEZE30947
Summary: Insight App Designer XSS and Apps: via Inclusion of External Script via URL Parameter
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
    Mindbreeze InSpire 24.2 Hotfix 1 Release
    Mindbreeze InSpire SaaS 24.2 Hotfix 1 Release

ID: MINDBREEZE30947
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 6.5 Medium
Status: Final
First published: July 31, 2024
CVEs: MINDBREEZE30947
Summary: MINDBREEZE30947 Client Service Redirection Vulnerability via URL Parameter
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
    Mindbreeze InSpire 24.2 Hotfix 1 Release
    Mindbreeze InSpire SaaS 24.2 Hotfix 1 Release

ID: MINDBREEZE30947
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 6.5 Medium
Status: Final
First published: May 15, 2024
CVEs: MINDBREEZE30947
Summary: MINDBREEZE30947 Client Service Redirection Vulnerability via URL Parameter
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
    Mindbreeze InSpire 24.2 Hotfix 1 Release
    Mindbreeze InSpire SaaS 24.2 Hotfix 1 Release

ID: MINDBREEZE30937
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 6.8 Medium
Status: Final
First published: July 31, 2024
CVEs: CVE-2023-29483, CVE-2024-3651, CVE-2024-28102, CVE-2024-28219
Summary:
    dnspython: denial of service in stub resolver
    python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()
    python-jwcrypto: malicious JWE token can cause denial of service
    python-pillow: buffer overflow in _imagingcms.c
Hotfix Information

ID: MINDBREEZE30802
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 7.9 High
Status: Final
First published: May 28, 2024
CVEs: CVE-2024-0172, CVE-2024-0154, CVE-2024-0173, CVE-2023-22655, CVE-2024-0161, CVE-2024-0162, CVE-2024-0163, CVE-2022-21233, CVE-2021-33060