Mindbreeze InSpire Vulnerabilities

This page lists known security vulnerabilities found in Mindbreeze InSpire. The article titles contain the Mindbreeze issue number and, in the case of third-party software, the official CVE number. Information about the affected components, severity level, current status and how to prevent the issue as well as hotfix information if applicable, can be found on the detail pages. You can also use the full text search to find specific vulnerabilities.

If you have found a possible security vulnerability, please contact Mindbreeze InSpire Support at support@mindbreeze.com providing detailed information about the problem found.

Vulnerabilities

Updated OpenJDK to Version 1.8.0.422 (MINDBREEZE32044)

ID: MINDBREEZE32044 Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS Severity: 7.4 HIGH Status: Final First published: September 04, 2024 CVEs: CVE-2024-21147 CVE-2024-21140 CVE-2024-21145 CVE-2024-21011 CVE-2024-21068 CVE-2024-21094 CVE-2024-21131 CVE-2024-21138 
Read more about Updated OpenJDK to Version 1.8.0.422 (MINDBREEZE32044)

Chromium Security Update (MINDBREEZE32037)

ID: MINDBREEZE32037 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS  Severity: 7.9 High Status: Final First published: October 10, 2024 
Read more about Chromium Security Update (MINDBREEZE32037)

Update/Patch bootstrap.js inside /apps/lib/ (CVE-2016-10735,CVE-2018-20676,CVE-2018-20677, MEDIUM) (MINDBREEZE31787)

ID: MINDBREEZE31787 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS   Severity: 6.1 MEDIUM Status: Final First published: September 04, 2024 CVEs: CVE-2016-10735 CVE-2018-20676 CVE-2018-20677 SummaryCVE-2016-10735 bootstrap XSS is possible in the data-target attributeCVE-2018-20676 bootstrap XSS is possible in the tooltip data-viewport attributeCVE-2018-20677 bootstrap XSS is possible in the affix configuration target property  Hotfix Information 
Read more about Update/Patch bootstrap.js inside /apps/lib/ (CVE-2016-10735,CVE-2018-20676,CVE-2018-20677, MEDIUM) (MINDBREEZE31787)

Chromium Security Update 126.0.6478.126 (MINDBREEZE31715)

ID: MINDBREEZE31715 Affected Components: Mindbreeze InSpire SaaS, Mindbreeze InSpire   Severity: 5.5 MEDIUM Status: Final First published: September 04, 2024 CVEs: CVE-2024-5830,CVE-2024-5831,CVE-2024-5832,CVE-2024-5833,CVE-2024-5834,CVE-2024-5837,CVE-2024-5838,CVE-2024-5839,CVE-2024-5840,CVE-2024-5841,CVE-2024-5845,CVE-2024-5846,CVE-2024-5847,CVE-2024-6100,CVE-2024-6101,CVE-2024-6102,CVE-2024-6103,CVE-2024-6290,CVE-2024-6291,CVE-2024-6292,CVE-2024-6293  
Read more about Chromium Security Update 126.0.6478.126 (MINDBREEZE31715)

Dell iDRAC security update (MINDBREEZE31703)

ID: MINDBREEZE31703  Affected Components: Mindbreeze InSpire SaaS, Mindbreeze InSpire  Severity: 7.6 High Status: Final First published: September 04, 2024 CVEs: CVE-2024-25943, CVE-2024-21823  Summarysession hijacking vulnerability in IPMIkernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application    Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 
Read more about Dell iDRAC security update (MINDBREEZE31703)

OpenSSH Security Update (MINDBREEZE31597)

ID: MINDBREEZE31597  Affected Components: Mindbreeze InSpire <= 24.3 Hotfix 1 Severity: 8.1 High Status: Final First published: September 04, 2024 CVEs: CVE-2024-6387 SummaryA security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Read more about OpenSSH Security Update (MINDBREEZE31597)

OpenSSH Security Update (MINDBREEZE31597)

ID: MINDBREEZE31597 Affected Components: Mindbreeze InSpire <= 24.3 Hotfix 1 Severity: 8.1 High Status: Final First published: July 3, 2024 CVEs: CVE-2024-6387 SummaryA security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Read more about OpenSSH Security Update (MINDBREEZE31597)

Keycloak 25.0.2 Update & Update java-17-openjdk to version 17.0.12.0.7 (MINDBREEZE31522)

ID: MINDBREEZE31522Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS Severity: 8.1 HIGH Status: Final First published: September 04, 2024 
Read more about Keycloak 25.0.2 Update & Update java-17-openjdk to version 17.0.12.0.7 (MINDBREEZE31522)

CoreOS Security Update (MINDBREEZE31367)

ID: MINDBREEZE31367 Affected Components: Mindbreeze InSpire SaaS, Mindbreeze InSpire   Severity: 5.5 MEDIUM Status: Final First published: September 04, 2024 CVEs: CVE-2024-27022, CVE-2024-27020, CVE-2024-27019, CVE-2024-27012, CVE-2024-27011, CVE-2024-27010, CVE-2024-27007, CVE-2024-27004,  CVE-2024-27003,  CVE-2024-26993,  CVE-2024-26992,  CVE-2024-26991, CVE-2024-26990,  CVE-2024-26988,  CVE-2024-26987,  CVE-2024-26983, CVE-2024-6387   
Read more about CoreOS Security Update (MINDBREEZE31367)

Python Security Update (MINDBREEZE31225)

ID: MINDBREEZE31225 Affected Components: Mindbreeze InSpire SaaS, Mindbreeze InSpireSeverity: 3.7 Low Status: Final First published: September 04, 2024 CVEs: CVE-2024-39689 Summarypython-certifi: Remove root certificates from `GLOBALTRUST` from the root store Hotfix InformationFixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire Release 24.5Mindbreeze InSpire SaaS Release 24.5
Read more about Python Security Update (MINDBREEZE31225)