Mindbreeze InSpire Vulnerabilities

This page lists known security vulnerabilities found in Mindbreeze InSpire. The article titles contain the Mindbreeze issue number and, in the case of third-party software, the official CVE number. Information about the affected components, severity level, current status and how to prevent the issue as well as hotfix information if applicable, can be found on the detail pages. You can also use the full text search to find specific vulnerabilities.

If you have found a possible security vulnerability, please contact Mindbreeze InSpire Support at support@mindbreeze.com providing detailed information about the problem found.

Vulnerabilities

CoreOS Security Update (MINDBREEZE29833)

ID: MINDBREEZE29833 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 8.4 High Status: Final First published: March 18, 2024 CVEs: CVE-2023-48795, CVE-2023-6246, CVE-2023-6779, CVE-2023-6780, CVE-2023-50495, CVE-2023-6111, CVE-2023-2602, CVE-2023-2603, CVE-2023-48795, CVE-2023-51385 
Read more about CoreOS Security Update (MINDBREEZE29833)

Security Update to disable keytab in JAAS login configuration for Basic authentication (MINDBREEZE29751)

ID: MINDBREEZE29751 Affected Components: Mindbreeze InSpire G7 with active Kerberos client authentication Severity: Critical Status: Final First published: December 18, 2023 CVEs: MINDBREEZE29751 
Read more about Security Update to disable keytab in JAAS login configuration for Basic authentication (MINDBREEZE29751)

Security Update Chromium Component (MINDBREEZE29591)

ID: MINDBREEZE29591 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 8.4 High Status: Final First published: February 8, 2024 CVEs: CVE-2023-5996 CVE-2023-6348 CVE-2023-6347 CVE-2023-6346 CVE-2023-6350 CVE-2023-6351 CVE-2023-6345 CVE-2023-6508 CVE-2023-6511 CVE-2023-6512 CVE-2023-6702 CVE-2023-6703 CVE-2023-6704 CVE-2023-6705 CVE-2023-6707 SummarySecurity Update Chromium Component
Read more about Security Update Chromium Component (MINDBREEZE29591)

CoreOS Security Update 38.20231027.3.1 (MINDBREEZE29501)

ID: MINDBREEZE29501 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 7.8 High Status: Final First published: February 8, 2024 CVEs: CVE-2023-5345, CVE-2023-42754, CVE-2023-42756 Summaryuse-after-free vulnerability in the smb client component NULL pointer dereference in ipv4_send_dest_unreach() race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP  Hotfix InformationFixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 
Read more about CoreOS Security Update 38.20231027.3.1 (MINDBREEZE29501)

Update Apache Santuario - XML Security for Java (MINDBREEZE29381)

ID: MINDBREEZE29381 Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS Severity: 6.5 Medium Status: Final First published: March 18, 2024 CVEs: CVE-2023-44483 SummaryCVE-2023-44483 Private keys may be exposed in debug-level log files during XML Signature generation Hotfix InformationFixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire 24.1 Release Mindbreeze InSpire SaaS 24.1 Release 
Read more about Update Apache Santuario - XML Security for Java (MINDBREEZE29381)

app.telemtery Security Update (MINDBREEZE29369)

ID: MINDBREEZE29369 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 5.4 Medium Status: Final First published: November 29, 2023 CVEs: MINDBREEZE29369 SummaryXSS in app.telemetry Hotfix InformationFixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire 23.6 HF2 Release Mindbreeze InSpire SaaS 23.6 HF2 Release
Read more about app.telemtery Security Update (MINDBREEZE29369)

Open Redirect allows phishing attacks in MMC (mod_auth_oidc) (MINDBREEZE29368)

ID: MINDBREEZE29368 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 7.7 High Status: Final First published: February 8, 2024 CVEs: MINDBREEZE29368 SummaryOpen Redirect in mod_auth_openidc Hotfix InformationFixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire 23.7 Release Mindbreeze InSpire SaaS 23.7 Release
Read more about Open Redirect allows phishing attacks in MMC (mod_auth_oidc) (MINDBREEZE29368)

Tomcat Security Update (MINDBREEZE29364)

ID: MINDBREEZE29381 Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS Severity: 7.5 High Status: Final First published: March 18, 2024 CVEs: CVE-2023-42795, CVE-2023-45648, CVE-2023-46589 SummaryCVE-2023-42795: Tomcat Session request response objects recycling information leakingCVE-2023-45648: Tomcat HTTP trailer headers request smugglingCVE-2023-46589: Tomcat HTTP trailer headers request smuggling Hotfix Information
Read more about Tomcat Security Update (MINDBREEZE29364)

Confluence Connector information disclosure fix handling of Space Permissions (MINDBREEZE29127)

ID: MINDBREEZE29127 Affected Components: Mindbreeze InSpire G7, Mndbreeze InSpire SaaS Severity: Critical Status: Final First published: October 6, 2023 CVEs: MINDBREEZE29127 SummaryFix a problem with Atlassian Confluence Connector if space permissions are used in a specific way to override global permissions which could lead to information disclosure in the search.  
Read more about Confluence Connector information disclosure fix handling of Space Permissions (MINDBREEZE29127)

Security Update Chromium Component (MINDBREEZE28926)

ID: MINDBREEZE29751 Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS Severity: 6.8 Medium Status: Final First published: February 8, 2024 CVEs: CVE-2023-5217 CVE-2023-5346 CVE-2023-5218 CVE-2023-5484 CVE-2023-5475 CVE-2023-5476 CVE-2023-5474 CVE-2023-5486 SummarySecurity Update Chromium Component
Read more about Security Update Chromium Component (MINDBREEZE28926)