Mindbreeze InSpire Vulnerabilities

This page lists known security vulnerabilities found in Mindbreeze InSpire. The article titles contain the Mindbreeze issue number and, in the case of third-party software, the official CVE number. The detail pages give the affected components, severity level, current status, how to prevent the issue and, if applicable, hotfix information. You can also use the full text search to find specific vulnerabilities.

If you have found a possible security vulnerability, please contact Mindbreeze InSpire Support at support@mindbreeze.com, providing detailed information about the problem found.

Vulnerabilities

ID: MINDBREEZE29368
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 7.7 High
Status: Final
First published: February 8, 2024
CVEs: MINDBREEZE29368
Summary: Open Redirect in mod_auth_openidc
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
  Mindbreeze InSpire 23.7 Release
  Mindbreeze InSpire SaaS 23.7 Release

ID: MINDBREEZE29381
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 7.5 High
Status: Final
First published: March 18, 2024
CVEs: CVE-2023-42795, CVE-2023-45648, CVE-2023-46589
Summary:
  CVE-2023-42795: Tomcat Session request response objects recycling information leaking
  CVE-2023-45648: Tomcat HTTP trailer headers request smuggling
  CVE-2023-46589: Tomcat HTTP trailer headers request smuggling
Hotfix Information:

ID: MINDBREEZE29127
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: Critical
Status: Final
First published: October 6, 2023
CVEs: MINDBREEZE29127
Summary: Fix a problem with Atlassian Confluence Connector if space permissions are used in a specific way to override global permissions, which could lead to information disclosure in the search.

ID: MINDBREEZE29751
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 6.8 Medium
Status: Final
First published: February 8, 2024
CVEs: CVE-2023-5217, CVE-2023-5346, CVE-2023-5218, CVE-2023-5484, CVE-2023-5475, CVE-2023-5476, CVE-2023-5474, CVE-2023-5486
Summary: Security Update Chromium Component

ID: MINDBREEZE28907
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 7.8 High
Status: Final
First published: November 29, 2023
CVEs: CVE-2023-4016, CVE-2023-4563, CVE-2023-4244, CVE-2023-4911
Summary:
  ps buffer overflow
  Use-after-free in nft_verdict_dump due to a race between set GC and transaction
  Buffer overflow in ld.so possibly leading to privilege escalation
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:

ID: MINDBREEZE28567
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 8.8 High
Status: Final
First published: October 30, 2023
CVEs: CVE-2023-4429, CVE-2023-4428, CVE-2023-4427, CVE-2023-4431, CVE-2023-4351, CVE-2023-4352, CVE-2023-4353, CVE-2023-4354, CVE-2023-4355, CVE-2023-4357, CVE-2023-4358, CVE-2023-4362, CVE-2023-4572, CVE-2023-4762, CVE-2023-4763, CVE-2023-4863, CVE-2023-4902, CVE-2023-4904, CVE-2023-4905, CVE-2023-4907, CVE-2023-4909
Summary: Security Update Chromium Component

ID: MINDBREEZE28452
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 6.3 Medium
Status: Final
First published: February 8, 2024
CVEs: CVE-2022-40982, CVE-2022-43505
Summary:
  Gather Data Sampling (GDS) (also known as “Downfall”) is a transient execution side-channel vulnerability
  Insufficient control flow management in the BIOS firmware
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:

ID: MINDBREEZE28058
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 6.1 Medium
Status: Final
First published: October 30, 2023
CVEs: CVE-2022-4361
Summary: CVE-2022-4361 keycloak cross-site scripting (XSS) vulnerability in the SAML or OIDC providers
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
  Mindbreeze InSpire 23.6 Release

ID: MINDBREEZE27958
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 8.8 High
Status: Final
First published: September 29, 2023
CVEs: CVE-2023-4068, CVE-2023-4069, CVE-2023-4070, CVE-2023-4071, CVE-2023-4072, CVE-2023-4073, CVE-2023-4074, CVE-2023-3732, CVE-2023-3216, CVE-2023-3079, CVE-2023-3420, CVE-2023-3421
Summary: Security Update Chromium Component

ID: MINDBREEZE27758
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 7.8 High
Status: Final
First published: September 29, 2023
CVEs: CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-28321, CVE-2023-28322, CVE-2023-2124, CVE-2023-35001, CVE-2023-31248