Mindbreeze InSpire Vulnerabilities

This page lists known security vulnerabilities found in Mindbreeze InSpire. The article titles contain the Mindbreeze issue number and, in the case of third-party software, the official CVE number. The detail pages give the affected components, severity level, current status and how to prevent the issue, as well as hotfix information if applicable. You can also use the full text search to find specific vulnerabilities.

If you have found a possible security vulnerability, please contact Mindbreeze InSpire Support at support@mindbreeze.com providing detailed information about the problem found.

Vulnerabilities

ID: MINDBREEZE27757
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 7.5 High
Status: Final
CVEs: CVE-2022-46663
Summary: Crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
  Mindbreeze InSpire 23.4 Release
  Mindbreeze InSpire SaaS 23.4 Release

ID: MINDBREEZE27627
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 8.8 High
Status: Final
First published: October 20, 2023
CVEs: CVE-2023-21930, CVE-2023-21967, CVE-2023-21937
Summary: Java Security Update
  CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake
  CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation
  CVE-2023-21937 OpenJDK: missing string checks for NULL characters
Hotfix Information:

ID: MINDBREEZE27623
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 7.5 High
Status: Final
First published: November 23, 2023
CVEs: CVE-2021-38578, CVE-2023-25537
Summary:
  Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize
  Out of Bounds write vulnerability in Dell PowerEdge BIOS
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:

ID: MINDBREEZE27447
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 8.8 High
Status: Final
First published: October 20, 2023
CVEs: CVE-2023-2721, CVE-2023-2723, CVE-2023-2724, CVE-2023-2929, CVE-2023-2931, CVE-2023-2932, CVE-2023-2933, CVE-2023-2934, CVE-2023-2935, CVE-2023-2936, CVE-2023-3216, CVE-2023-3079, CVE-2023-3420, CVE-2023-3421
Summary: Security Update Chromium Component

ID: MINDBREEZE27225
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 8.8 High
Status: Final
First published: October 20, 2023
CVEs: CVE-2023-2133, CVE-2023-2134, CVE-2023-2135, CVE-2023-2136, CVE-2023-2137, CVE-2023-2033, CVE-2023-1810, CVE-2023-1811, CVE-2023-1812, CVE-2023-1814, CVE-2023-1815, CVE-2023-1816, CVE-2023-1817, CVE-2023-1819, CVE-2023-1822, CVE-2023-1823

ID: MINDBREEZE27220
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 7.4 High
Status: Final
First published: October 20, 2023
CVEs: CVE-2023-1829
Summary: Use-after-free vulnerability in the Linux Kernel traffic control index filter
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
  Mindbreeze InSpire 23.3 Release (Version 23.3.0.274)

ID: MINDBREEZE27013
Affected Components: Mindbreeze InSpire
Severity: 8.1 High
Status: Final
First published: March 7, 2024
CVEs: CVE-2022-1274, CVE-2022-3782
Summary:
  CVE-2022-1274 keycloak: HTML injection in execute-actions-email Admin REST API
  CVE-2022-3782 keycloak: path traversal via double URL encoding
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises:
  Mindbreeze InSpire 23.2 Release

ID: MINDBREEZE26538
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 3.5 Low
Status: Final
First published: March 15, 2023
Summary:
  DataTableJS: prototype pollution, possible XSS
  MomentJS: possible regular expression DoS
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
  Mindbreeze InSpire 23.1 Release (Version 23.1.0.410)
  Mindbreeze InSpire SaaS 23.1 Release (Version 23.1.0.410)

ID: MINDBREEZE26382
Affected Components: Mindbreeze InSpire
Severity: 7.3 High
Status: Final
First published: March 15, 2023
CVEs: CVE-2021-23337, CVE-2020-28500, CVE-2020-8203, CVE-2019-1010266, CVE-2019-10744, CVE-2018-16487
Summary: Possible XSS and DoS in the Lodash library.
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
  Mindbreeze InSpire 23.1 Release (Version 23.1.0.410)