Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM57C1E5D3E1D89678AC9490647007D669B55212DD6B4D7DF4891652E5000597C4
HistoryMay 13, 2021 - 7:33 p.m.

Security Bulletin: A security vulnerability in MongoDB Server affects IBM Cloud Pak for Multicloud Management Managed Service

2021-05-1319:33:33
www.ibm.com
7
mongodb server
ibm cloud pak for multicloud management
vulnerability
remote attacker
sensitive information
upgrade
ibm cloud pak for multicloud management 2.3

EPSS

0.001

Percentile

28.4%

JSON

Summary

A security vulnerability in MongoDB Server affects IBM Cloud Pak for Multicloud Management Managed Service.

Vulnerability Details

CVEID:CVE-2020-7928
**DESCRIPTION:**MongoDB Server could allow a remote authenticated attacker to obtain sensitive information. By issuing a specially crafted query that violates an invariant in the server selection subsystem, a remote attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192277 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Cloud Pak for Multicloud Management Infrastructure Management All

Remediation/Fixes

Upgrade to IBM Cloud Pak for Multicloud Management 2.3 by following the instructions in <https://www.ibm.com/docs/en/cloud-paks/cp-management/2.3.x?topic=installation-upgrade.&gt;

Workarounds and Mitigations

None

Related

osv 2
ibm 3
mongodb 1
ubuntucve 1
openvas 2
cvelist 1
nvd 1
cve 1
redhatcve 1
debiancve 1
prion 1
nessus 1
osv
osv
BIT-mongodb-2020-7928
2024-03-06 10:58:33
CVE-2020-7928
2020-11-23 17:15:12
ibm
ibm
Security Bulletin: A security vulnerability in MongoDB affects IBM Cloud Automation Manager.
2021-02-17 16:54:26
Security Bulletin: IBM Cloud Private is vulnerable to MongoDB vulnerabilities (CVE-2020-7926, CVE-2020-7925, CVE-2020-7928)
2021-02-26 16:19:58
Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities
2021-02-26 20:44:22
mongodb
mongodb
Improper neutralization of null byte leads to read overrun
2020-11-23 17:20:00
ubuntucve
ubuntucve
CVE-2020-7928
2020-11-23 00:00:00
openvas
openvas
MongoDB 3.6 < 3.6.20, 4.0 < 4.0.20, 4.2 < 4.2.9, 4.4 < 4.4.1 Read Overrun Vulnerability - Windows
2020-12-02 00:00:00
MongoDB 3.6 < 3.6.20, 4.0 < 4.0.20, 4.2 < 4.2.9, 4.4 < 4.4.1 Read Overrun Vulnerability - Linux
2020-12-02 00:00:00
cvelist
cvelist
CVE-2020-7928 Improper neutralization of null byte leads to read overrun
2020-11-23 16:35:12
nvd
nvd
CVE-2020-7928
2020-11-23 17:15:12
cve
cve
CVE-2020-7928
2020-11-23 17:15:12
redhatcve
redhatcve
CVE-2020-7928
2020-11-23 20:51:37
debiancve
debiancve
CVE-2020-7928
2020-11-23 17:15:00
prion
prion
Buffer overflow
2020-11-23 17:15:00
nessus
nessus
Dell Wyse Management Suite < 3.2 Multiple Vulnerabilities (DSA-2021-070)
2021-04-07 00:00:00

EPSS

0.001

Percentile

28.4%

JSON
Related for 57C1E5D3E1D89678AC9490647007D669B55212DD6B4D7DF4891652E5000597C4
osv2ibm3mongodb1ubuntucve1openvas2cvelist1nvd1cve1redhatcve1debiancve1prion1nessus1