A Security Vulnerability affects IBM Cloud Private Core Services
CVEID: CVE-2019-2386 DESCRIPTION: MongoDB Server could allow a remote authenticated attacker to bypass security restrictions, caused by improper session management. By reusing an established session of said user, an attacker could exploit this vulnerability to gain access to the database server.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/164984> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)
IBM Cloud Private 3.1.0, 3.1.1, 3.1.2, 3.2.0
Product defect fixes and security updates are only available for the two most recent Continuous Delivery (CD) update packages
For IBM Cloud Private 3.2.0, apply October fix pack or patch:
For IBM Cloud Private 3.1.2, apply patch:
For IBM Cloud Private 3.1.0, 3.1.1:
None