Mindbreeze InSpire Vulnerabilities

This page lists known security vulnerabilities found in Mindbreeze InSpire. The article titles contain the Mindbreeze issue number and, in the case of third-party software, the official CVE number. Information about the affected components, severity level, current status and how to prevent the issue as well as hotfix information if applicable, can be found on the detail pages. You can also use the full text search to find specific vulnerabilities.

If you have found a possible security vulnerability, please contact Mindbreeze InSpire Support at support@mindbreeze.com providing detailed information about the problem found.

Vulnerabilities

ID: MINDBREEZE27958  Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS  Severity: 8.8 High  Status: Final  First published: September 29, 2023  CVEs: CVE-2023-4068, CVE-2023-4069, CVE-2023-4070, CVE-2023-4071, CVE-2023-4072, CVE-2023-4073, CVE-2023-4074, CVE-2023-3732, CVE-2023-3216, CVE-2023-3079, CVE-2023-3420, CVE-2023-3421  Summary Security Update Chromium Component
ID: MINDBREEZE27758  Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS  Severity: 7.8 High  Status: Final  First published: September 29, 2023  CVEs: CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-28321, CVE-2023-28322, CVE-2023-2124, CVE-2023-35001, CVE-2023-31248 
ID: MINDBREEZE27757  Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS  Severity: 7.5 High  Status: Final  CVEs: CVE-2022-46663  Summary Crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal   Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:  Mindbreeze InSpire 23.4 Release  Mindbreeze InSpire SaaS 23.4 Release
ID: MINDBREEZE27627  Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS  Severity: 8.8 High  Status: Final  First published: October 20, 2023  CVEs: CVE-2023-21930, CVE-2023-21967, CVE-2023-21937  Summary Java Security Update CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation CVE-2023-21937 OpenJDK: missing string checks for NULL characters   Hotfix Information
ID: MINDBREEZE27623 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 7.5 High Status: Final First published: November 23, 2023 CVEs: CVE-2021-38578, CVE-2023-25537 SummaryExisting CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSizeOut of Bounds write vulnerability in Dell PowerEdge BIOS Hotfix InformationFixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 
ID: MINDBREEZE27447  Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS  Severity: 8.8 High  Status: Final  First published: October 20, 2023  CVEs: CVE-2023-2721, CVE-2023-2723, CVE-2023-2724, CVE-2023-2929, CVE-2023-2931, CVE-2023-2932, CVE-2023-2933, CVE-2023-2934, CVE-2023-2935, CVE-2023-2936, CVE-2023-3216, CVE-2023-3079, CVE-2023-3420, CVE-2023-3421  Summary Security Update Chromium Component
ID: MINDBREEZE27225  Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS  Severity: 8.8 High  Status: Final  First published: October 20, 2023  CVEs: CVE-2023-2133, CVE-2023-2134, CVE-2023-2135, CVE-2023-2136, CVE-2023-2137, CVE-2023-2033, CVE-2023-1810, CVE-2023-1811, CVE-2023-1812, CVE-2023-1814, CVE-2023-1815, CVE-2023-1816, CVE-2023-1817, CVE-2023-1819, CVE-2023-1822, CVE-2023-1823 
ID: MINDBREEZE27220  Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS  Severity: 7.4 High  Status: Final  First published: October 20, 2023  CVEs: CVE-2023-1829  Summary Use-after-free vulnerability in the Linux Kernel traffic control index filter   Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:  Mindbreeze InSpire 23.3 Release (Version 23.3.0.274) 
ID: MINDBREEZE27013 Affected Components: Mindbreeze InSpire Severity: 8.1 High Status: Final CVEs: CVE-2022-1274, CVE-2022-3782 SummaryCVE-2022-1274 keycloak: HTML injection in execute-actions-email Admin REST API CVE-2022-3782 keycloak: path traversal via double URL encoding  Hotfix InformationFixed with following versions of Mindbreeze InSpire On-Premises: Mindbreeze InSpire 23.2 Release 
ID: MINDBREEZE27013 Affected Components: Mindbreeze InSpire Severity: 8.1 High Status: Final First published: March 7, 2024 CVEs: CVE-2022-1274, CVE-2022-3782 SummaryCVE-2022-1274 keycloak: HTML injection in execute-actions-email Admin REST API CVE-2022-3782 keycloak: path traversal via double URL encoding  Hotfix InformationFixed with following versions of Mindbreeze InSpire On-Premises: Mindbreeze InSpire 23.2 Release