Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM9DC7C659F1438567B4955AEDC9607281C4EC74EB7AE5DE081252667CD156B750
HistoryFeb 26, 2021 - 4:19 p.m.

Security Bulletin: IBM Cloud Private is vulnerable to MongoDB vulnerabilities (CVE-2020-7926, CVE-2020-7925, CVE-2020-7928)

2021-02-2616:19:58
www.ibm.com
9
ibm cloud private
mongodb vulnerabilities
denial of service
sensitive information
fixes
version 3.2.1
version 3.2.2

EPSS

0.001

Percentile

47.8%

JSON

Summary

IBM Cloud Private is vulnerable to MongoDB vulnerabilities

Vulnerability Details

CVEID:CVE-2020-7926
**DESCRIPTION:**MongoDB Server is vulnerable to a denial of service. By sending specially-crafted queries, a remote authenticated attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192276 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-7925
**DESCRIPTION:**MongoDB Server is vulnerable to a denial of service, caused by incorrect validation of user-supplied input in the role name parser. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192278 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-7928
**DESCRIPTION:**MongoDB Server could allow a remote authenticated attacker to obtain sensitive information. By issuing a specially crafted query that violates an invariant in the server selection subsystem, a remote attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192277 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Cloud Private 3.2.1 CD
IBM Cloud Private 3.2.2 CD

Remediation/Fixes

Product defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages

  • IBM Cloud Private 3.2.1
  • IBM Cloud Private 3.2.2

For IBM Cloud Private 3.2.1, apply fix pack:

For IBM Cloud Private 3.2.2, apply fix pack:

For IBM Cloud Private 3.1.0, 3.1.1, 3.1.2, 3.2.0:

  • Upgrade to the latest Continuous Delivery (CD) update package, IBM Cloud Private 3.2.2.
  • If required, individual product fixes can be made available between CD update packages for resolution of problems. Contact IBM support for assistance

Workarounds and Mitigations

None

Related

osv 6
ibm 3
redhatcve 3
ubuntucve 3
openvas 6
cvelist 3
cve 3
debiancve 3
nvd 3
mongodb 3
prion 3
nessus 1
osv
osv
BIT-mongodb-2020-7928
2024-03-06 10:58:33
CVE-2020-7928
2020-11-23 17:15:12
CVE-2020-7925
2020-11-23 15:15:11
ibm
ibm
Security Bulletin: A security vulnerability in MongoDB affects IBM Cloud Automation Manager.
2021-02-17 16:54:26
Security Bulletin: A security vulnerability in MongoDB Server affects IBM Cloud Pak for Multicloud Management Managed Service
2021-05-13 19:33:33
Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities
2021-02-26 20:44:22
redhatcve
redhatcve
CVE-2020-7925
2020-11-23 22:13:37
CVE-2020-7928
2020-11-23 20:51:37
CVE-2020-7926
2020-11-23 22:11:39
ubuntucve
ubuntucve
CVE-2020-7925
2020-11-23 00:00:00
CVE-2020-7928
2020-11-23 00:00:00
CVE-2020-7926
2020-11-23 00:00:00
openvas
openvas
MongoDB 3.6 < 3.6.19, 4.0 < 4.0.20, 4.2 < 4.2.9 DoS Vulnerability - Windows
2020-12-02 00:00:00
MongoDB 3.6 < 3.6.19, 4.0 < 4.0.20, 4.2 < 4.2.9 DoS Vulnerability - Linux
2020-12-02 00:00:00
MongoDB 3.6 < 3.6.20, 4.0 < 4.0.20, 4.2 < 4.2.9, 4.4 < 4.4.1 Read Overrun Vulnerability - Windows
2020-12-02 00:00:00
cvelist
cvelist
CVE-2020-7925 Denial of Service when processing malformed Role names
2020-11-23 14:50:12
CVE-2020-7928 Improper neutralization of null byte leads to read overrun
2020-11-23 16:35:12
CVE-2020-7926 Specific query can cause a DoS against MongoDB Server
2020-11-23 15:05:15
cve
cve
CVE-2020-7925
2020-11-23 15:15:11
CVE-2020-7928
2020-11-23 17:15:12
CVE-2020-7926
2020-11-23 15:15:11
debiancve
debiancve
CVE-2020-7925
2020-11-23 15:15:00
CVE-2020-7926
2020-11-23 15:15:00
CVE-2020-7928
2020-11-23 17:15:00
nvd
nvd
CVE-2020-7925
2020-11-23 15:15:11
CVE-2020-7928
2020-11-23 17:15:12
CVE-2020-7926
2020-11-23 15:15:11
mongodb
mongodb
Specific query can cause a DoS against MongoDB Server
2020-11-30 14:00:00
Improper neutralization of null byte leads to read overrun
2020-11-23 17:20:00
Denial of Service when processing malformed Role names
2020-11-30 14:00:00
prion
prion
Code injection
2020-11-23 15:15:00
Input validation
2020-11-23 15:15:00
Buffer overflow
2020-11-23 17:15:00
nessus
nessus
Dell Wyse Management Suite < 3.2 Multiple Vulnerabilities (DSA-2021-070)
2021-04-07 00:00:00

EPSS

0.001

Percentile

47.8%

JSON
Related for 9DC7C659F1438567B4955AEDC9607281C4EC74EB7AE5DE081252667CD156B750
osv6ibm3redhatcve3ubuntucve3openvas6cvelist3cve3debiancve3nvd3mongodb3prion3nessus1