Mindbreeze InSpire Vulnerabilities
This page lists known security vulnerabilities found in Mindbreeze InSpire. The article titles contain the Mindbreeze issue number and, in the case of third-party software, the official CVE number. The detail pages give the affected components, severity level, current status, how to prevent the issue and, if applicable, hotfix information. You can also use the full-text search to find specific vulnerabilities.
If you have found a possible security vulnerability, please contact Mindbreeze InSpire Support at support@mindbreeze.com and provide detailed information about the problem found.
Vulnerabilities
ID: MINDBREEZE20551
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 5.3 Medium
Status: Final
First published: June 29, 2022
CVEs: CVE-2021-35578, CVE-2021-35603, CVE-2022-21282, CVE-2022-21296, CVE-2022-21299
ID: MINDBREEZE19439
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 7.5 High
Status: Final
First published: October 4, 2021
CVEs: CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090
Summary
CVE-2021-35515: When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop.
ID: MINDBREEZE19391
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 7.0 Important
Status: Final
First published: October 4, 2021
CVEs: CVE-2021-33909, CVE-2019-20934
Summary
BZ - 1902788 - CVE-2019-20934 kernel: use-after-free in show_numa_stats function
BZ - 1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer
Remediation
Hotfix Information
ID: MINDBREEZE18807
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 7.8 Important
Status: Final
First published: October 4, 2021
CVEs: CVE-2021-3347, CVE-2020-8648, CVE-2020-27170
ID: MINDBREEZE18131
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 5.4 Medium
Status: Final
First published: October 28, 2021
CVEs: CVE-2020-1725, CVE-2020-14302, CVE-2020-10770
Summary
CVE-2020-1725: A flaw was found in Keycloak before version 13.0.0. In some scenarios, a user still has access to a resource after the role mappings have been changed in Keycloak and after the previous access token has expired. (5.4 Medium)
ID: MINDBREEZE17777
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 5.5 Medium
Status: Final
First published: October 4, 2021
CVEs: CVE-2021-28657, CVE-2021-27906, CVE-2021-27807
ID: MINDBREEZE17003
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 4.1 Medium
Status: Final
First published: March 2, 2021
Summary
When the SharePoint Online connector is used with the option "Enable Delta Crawl" active (enabled by default), changes to SharePoint user roles (Role Updates) are not processed correctly. This can lead to document ACLs being out of date.
ID: MINDBREEZE16594
Affected Components: Mindbreeze InSpire G6, Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 5.9 Medium
Status: Final
First published: February 2, 2021
CVEs: CVE-2020-1971
Summary
OpenSSL: EDIPARTYNAME NULL pointer dereference could trigger a crash. For example, this may occur if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL.
Remediation
Hotfix Information
ID: MINDBREEZE16269
Affected Components: Mindbreeze InSpire G6, Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 6.1 Medium
Status: Final
First published: February 2, 2021
CVEs: CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023
Summary
Removing these legacy libraries fixes the following CVEs:
ID: MINDBREEZE16267
Affected Components: Mindbreeze InSpire G6, Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 6.1 Medium
Status: Final
First published: February 2, 2021
CVEs: CVE-2018-14040, CVE-2018-1404, CVE-2018-14042, CVE-2019-8331, CVE-2020-11022, CVE-2020-11023, CVE-2015-9251, CVE-2019-11358, CVE-2012-6708
Summary
The Bootstrap and jQuery update contains fixes for the following CVEs: