Mindbreeze InSpire Vulnerabilities
This page lists known security vulnerabilities found in Mindbreeze InSpire. The article titles contain the Mindbreeze issue number and, in the case of third-party software, the official CVE number. Information about the affected components, severity level, current status and how to prevent the issue as well as hotfix information if applicable, can be found on the detail pages. You can also use the full text search to find specific vulnerabilities.
If you have found a possible security vulnerability, please contact Mindbreeze InSpire Support at support@mindbreeze.com providing detailed information about the problem found.
Vulnerabilities
ID: MINDBREEZE22124
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 7.5 High
Status: Final
First published: September 28, 2022
CVEs: CVE-2017-18214
Summary
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.
Hotfix Information
Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
ID: MINDBREEZE21682
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 7.8 High
Status: Final
First published: June 29, 2022
CVEs: CVE-2022-0185
Summary
CVE-2022-0185 kernel: fs_context: heap overflow in legacy parameter handling.
Hotfix Information
Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
Mindbreeze InSpire 22.1 Release (Version 22.1.0.1309)
ID: MINDBREEZE21528
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 7.8 High
Status: Final
First published: March 16, 2022
CVEs: CVE-2021-4034
Summary
A local privilege escalation vulnerability was found on polkit's pkexec utility.
Hotfix Information
Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
Mindbreeze InSpire 21.3 Release Hotfix 4 (Version 21.3.5.1708)
ID: MINDBREEZE21044
Affected Components: None
Severity: 6.8 Moderate
Status: Final
First published: December 16, 2021
CVEs: CVE-2021-44228
ID: MINDBREEZE20551
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 5.3 Medium
Status: Final
First published: June 29, 2022
CVEs: CVE-2021-35578, CVE-2021-35603, CVE-2022-21282, CVE-2022-21296, CVE-2022-21299
ID: MINDBREEZE19439
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 7.5 High
Status: Final
First published: October 4, 2021
CVEs: CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090
Summary
CVE-2021-35515: When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop
ID: MINDBREEZE19391
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 7.0 Important
Status: Final
First published: October 4, 2021
CVEs: CVE-2021-33909, CVE-2019-20934
Summary
BZ - 1902788 - CVE-2019-20934 kernel: use-after-free in show_numa_stats function
BZ - 1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer
Remediation
Hotfix Information
ID: MINDBREEZE18807
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 7.8 Important
Status: Final
First published: October 4, 2021
CVEs: CVE-2021-3347, CVE-2020-8648, CVE-2020-27170
ID: MINDBREEZE18131
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 5.4 Medium
Status: Final
First published: October 28, 2021
CVEs: CVE-2020-1725, CVE-2020-14302, CVE-2020-10770
Summary
CVE-2020-1725: A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token. (5.4 Medium)
ID: MINDBREEZE17777
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 5.5 Medium
Status: Final
First published: October 4, 2021
CVEs: CVE-2021-28657, CVE-2021-27906, CVE-2021-27807