Mindbreeze InSpire Vulnerabilities

This page lists known security vulnerabilities found in Mindbreeze InSpire. The article titles contain the Mindbreeze issue number and, in the case of third-party software, the official CVE number. Information about the affected components, severity level, current status and how to prevent the issue as well as hotfix information if applicable, can be found on the detail pages. You can also use the full text search to find specific vulnerabilities.

If you have found a possible security vulnerability, please contact Mindbreeze InSpire Support at support@mindbreeze.com providing detailed information about the problem found.

Vulnerabilities

ID: MINDBREEZE20551  Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS  Severity: 5.3 Medium  Status: Final  First published: June 29, 2022  CVEs: CVE-2021-35578, CVE-2021-35603, CVE-2022-21282, CVE-2022-21296, CVE-2022-21299 
ID: MINDBREEZE19439  Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS  Severity: 7.5 High  Status: Final  First published: October 4, 2021  CVEs: CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090  Summary CVE-2021-35515:  When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop
ID: MINDBREEZE19391  Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS  Severity: 7.0 Important​​​​​​​​​​​​​​  Status: Final  First published: October 4, 2021  CVEs: CVE-2021-33909, CVE-2019-20934  Summary BZ - 1902788 - CVE-2019-20934 kernel: use-after-free in show_numa_stats function BZ - 1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer Remediation Hotfix Information
ID: MINDBREEZE18807  Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS  Severity: 7.8 Important  Status: Final  First published: October 4, 2021  CVEs: CVE-2021-3347, CVE-2020-8648, CVE-2020-27170 
ID: MINDBREEZE18131  Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS  Severity: 5.4 Medium  Status: Final  First published: October 28, 2021  CVEs: CVE-2020-1725, CVE-2020-14302, CVE-2020-10770  Summary CVE-2020-1725: A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token. (5.4 Medium) 
ID: MINDBREEZE17777  Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS  Severity: 5.5 Medium  Status: Final  First published: October 4, 2021  CVEs: CVE-2021-28657, CVE-2021-27906, CVE-2021-27807 
ID: MINDBREEZE17003  Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS  Severity: 4.1 Medium  Status: Final  First published: March 2, 2021  Summary Using the SharePoint Online connector with the Option "Enable Delta Crawl" active (enabled by default), changes to SharePoint user roles (Role Updates) are not processed correctly. This can lead to Document ACLs being out of date.
ID: MINDBREEZE16594  Affected Components: Mindbreeze InSpire G6, Mindbreeze InSpire G7, Mindbreeze InSpire SaaS  Severity: 5.9 Medium  Status: Final  First published: February 2, 2021  CVEs: CVE-2020-1971 Summary OpenSSL: EDIPARTYNAME NULL pointer de-reference could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Remediation Hotfix Information
ID: MINDBREEZE16269  Affected Components: Mindbreeze InSpire G6, Mindbreeze InSpire G7, Mindbreeze InSpire SaaS  Severity: 6.1 Medium  Status: Final  First published: February 2, 2021  CVEs: CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023 Summary Removing this legacy Libraries fixes the following CVEs:
ID: MINDBREEZE16267  Affected Components: Mindbreeze InSpire G6, Mindbreeze InSpire G7, Mindbreeze InSpire SaaS  Severity: 6.1 Medium  Status: Final  First published: February 2, 2021  CVEs: CVE-2018-14040, CVE-2018-1404, CVE-2018-14042, CVE-2019-8331, CVE-2020-11022, CVE-2020-11023, CVE-2015-9251, CVE-2019-11358, CVE-2012-6708 Summary Bootstrap and JQuery update contains fixes for te following CVEs: