Mindbreeze InSpire Vulnerabilities
This page lists known security vulnerabilities found in Mindbreeze InSpire. The article titles contain the Mindbreeze issue number and, in the case of third-party software, the official CVE number. The detail pages provide information about the affected components, severity level, current status and how to prevent the issue, as well as hotfix information if applicable. You can also use the full-text search to find specific vulnerabilities.
If you have found a possible security vulnerability, please contact Mindbreeze InSpire Support at support@mindbreeze.com and provide detailed information about the problem found.
Vulnerabilities
ID: MINDBREEZE22857
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 6.5 Medium
Status: Final
First published: January 25, 2023
CVEs: CVE-2021-41182, CVE-2021-41183, CVE-2021-41184
Summary
This vulnerability may allow cross-site scripting (XSS) attacks due to an improper jQuery method.
Hotfix Information
Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
Mindbreeze InSpire 22.3 Release (Version 22.3.0.1109)
ID: MINDBREEZE22842
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 7.5 Medium
Status: Final
First published: June 29, 2022
CVEs: CVE-2022-24785
Summary
CVE-2022-24785 Moment.js: Path traversal in moment.locale
Hotfix Information
Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
Mindbreeze InSpire 22.1 Release (Version 22.1.0.1309)
Mindbreeze InSpire SaaS 22.1 Release (Version 22.1.0.1309)
ID: MINDBREEZE22124
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 7.5 High
Status: Final
First published: September 28, 2022
CVEs: CVE-2017-18214
Summary
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.
Hotfix Information
Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
ID: MINDBREEZE21682
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 7.8 High
Status: Final
First published: June 29, 2022
CVEs: CVE-2022-0185
Summary
CVE-2022-0185 kernel: fs_context: heap overflow in legacy parameter handling.
Hotfix Information
Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
Mindbreeze InSpire 22.1 Release (Version 22.1.0.1309)
ID: MINDBREEZE21528
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 7.8 High
Status: Final
First published: March 16, 2022
CVEs: CVE-2021-4034
Summary
A local privilege escalation vulnerability was found on polkit's pkexec utility.
Hotfix Information
Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
Mindbreeze InSpire 21.3 Release Hotfix 4 (Version 21.3.5.1708)
ID: MINDBREEZE21044
Affected Components: None
Severity: 6.8 Moderate
Status: Final
First published: December 16, 2021
CVEs: CVE-2021-44228
ID: MINDBREEZE20551
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 5.3 Medium
Status: Final
First published: June 29, 2022
CVEs: CVE-2021-35578, CVE-2021-35603, CVE-2022-21282, CVE-2022-21296, CVE-2022-21299
ID: MINDBREEZE19439
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 7.5 High
Status: Final
First published: October 4, 2021
CVEs: CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090
Summary
CVE-2021-35515: When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop.
ID: MINDBREEZE19391
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 7.0 Important
Status: Final
First published: October 4, 2021
CVEs: CVE-2021-33909, CVE-2019-20934
Summary
BZ - 1902788 - CVE-2019-20934 kernel: use-after-free in show_numa_stats function
BZ - 1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer
Remediation
Hotfix Information
ID: MINDBREEZE18807
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 7.8 Important
Status: Final
First published: October 4, 2021
CVEs: CVE-2021-3347, CVE-2020-8648, CVE-2020-27170