Mindbreeze InSpire Vulnerabilities
This page lists known security vulnerabilities found in Mindbreeze InSpire. The article titles contain the Mindbreeze issue number and, in the case of third-party software, the official CVE number. The detail pages give the affected components, severity level, current status, how to prevent the issue and, if applicable, hotfix information. You can also use the full text search to find specific vulnerabilities.
If you have found a possible security vulnerability, please contact Mindbreeze InSpire Support at support@mindbreeze.com providing detailed information about the problem found.
Vulnerabilities
ID: MINDBREEZE30572 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 8.8 High Status: Final First published: July 31, 2024 CVEs: CVE-2024-2961, CVE-2024-1048 Summary: glibc: Out of bounds write in iconv may lead to remote code execution; grub2: grub2-set-bootflag can be abused by local (pseudo-)users Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
ID: MINDBREEZE30411 Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS Severity: MEDIUM Status: Final First published: September 04, 2024 CVEs: CVE-2024-26308, CVE-2024-30171, CVE-2024-29857
ID: MINDBREEZE30280 Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS Severity: 7.2 High Status: Final First published: March 18, 2024 CVEs: CVE-2024-1060, CVE-2024-1077, CVE-2024-1284, CVE-2024-1283, CVE-2024-1669, CVE-2024-1670, CVE-2024-1671, CVE-2024-1672, CVE-2024-1674, CVE-2024-1676 Summary: Security Update Chromium Component
ID: MINDBREEZE30237 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 8.4 High Status: Final First published: May 28, 2024 CVEs: CVE-2023-42465, CVE-2024-1086, CVE-2024-23851, CVE-2024-26585, CVE-2024-26582, CVE-2024-26584, CVE-2024-26583, CVE-2024-26603, CVE-2024-26604, CVE-2024-26606, CVE-2024-2905
ID: MINDBREEZE30136 Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS Severity: 5.5 MEDIUM Status: Final First published: September 04, 2024 CVEs: CVE-2012-0881, CVE-2013-4002, CVE-2009-2625, CVE-2020-14338
ID: MINDBREEZE30001 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 5.9 Medium Status: Final First published: March 18, 2024 CVEs: CVE-2023-52323 Summary: pycryptodome: side-channel leakage for OAEP decryption in PyCryptodome and pycryptodomex Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire 24.1 Release, Mindbreeze InSpire SaaS 24.1 Release
ID: MINDBREEZE29997 Affected Components: Mindbreeze InSpire Severity: High Status: Final First published: September 04, 2024 CVEs: CVE-2024-4367 Summary: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire SaaS 24.5 Release, Mindbreeze InSpire 24.5 Release
ID: MINDBREEZE29950 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 8.8 High Status: Final First published: March 18, 2024 CVEs: CVE-2023-7024, CVE-2024-0222, CVE-2024-0223, CVE-2024-0224, CVE-2023-7024, CVE-2024-0807, CVE-2024-0812, CVE-2024-0808, CVE-2024-0810, CVE-2024-0517, CVE-2024-0518, CVE-2024-0519 Summary: Security Update Chromium Component
ID: MINDBREEZE29867 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 5.4 Medium Status: Final Last Update: February 2, 2024 First published: March 18, 2024 CVEs: CVE-2023-6134 Summary: Keycloak - vulnerable to reflected XSS via wildcard in OIDC redirect_uri Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire 24.1 Release, Mindbreeze InSpire SaaS 24.1 Release
ID: MINDBREEZE29867 Affected Components: Mindbreeze InSpire On Premises, Mindbreeze InSpire SaaS Severity: 5.4 Medium Status: Final Last Update: February 2, 2024 First published: May 28, 2024 CVEs: CVE-2023-6134 Summary: Keycloak - vulnerable to reflected XSS via wildcard in OIDC redirect_uri Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: