11 matches found
Security Bulletin: IBM Security Guardium is affected by a mongodb-driver-legacy-4.1.1.jar vulnerability (CVE-2021-20328)
Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID: CVE-2021-20328 DESCRIPTION: MongoDB Java driver is vulnerable to a man-in-the-middle attack, caused by improper host name verification on the KMS server's certificate. An attacker could exploit this...
com.credibledoc:log-labelizer (>=1.0.40 <=1.0.51), com.github.gustavodsf:javers-persistence-mongo (>=5.15.0 <=5.16.0) +61 more potentially affected by CVE-2021-20328 via org.mongodb:mongodb-driver-legacy (>=4.1.0 <=4.1.1)
org.mongodb:mongodb-driver-legacy MAVEN version =4.1.0, =1.0.40, =5.15.0, =5.15.0, =5.15.0, =1.5, =1.5, =1.5, =1.5, =1.2.2, =1.2.2, =1.2.3 - dev.morphia.morphia:core =1.6.1 - dev.morphia.morphia:entityscanner-plug =1.6.1 - dev.morphia.morphia:guice-plug =1.6.1 - dev.morphia.morphia:logging-slf4j...
com.coditory.sherlock:sherlock-mongo-sync (=0.4.3), com.hazelcast.jet.contrib:mongodb (=0.2) +22 more potentially affected by CVE-2021-20328 via org.mongodb:mongodb-driver-sync (>=3.11.0 <=3.11.2)
org.mongodb:mongodb-driver-sync MAVEN version =3.11.0, =0.0.1, =2.1.18, =2.1.18, =2.1.18, =2.0.0, =2.0.0, =2.0.0, =5.0.20.RC, =1.6.1, =3.11.0, =3.11.2 - org.mongojack:mongojack =2.10.1 and more Source cves: CVE-2021-20328 Source advisory: OSV:GHSA-RGHW-6PX2-FGWC...
ai.tock:bot-test (=20.9.3), ai.tock:bot-test-base (=20.9.3) +64 more potentially affected by CVE-2021-20328 via org.mongodb:mongodb-driver-sync (=4.2.0)
org.mongodb:mongodb-driver-sync MAVEN version =4.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.mongodb:mongodb-driver-sync and may be impacted: - ai.tock:bot-test =20.9.3 - ai.tock:bot-test-base =20.9.3 - ai.tock:bot-toolkit =20.9.3 -...
org.mongojack:mongojack (=2.10.1), org.openprovenance.prov:prov-service-translation (>=2.0.4 <=2.2.1) +6 more potentially affected by CVE-2021-20328 via org.mongodb:mongodb-driver-legacy (=3.11.0)
org.mongodb:mongodb-driver-legacy MAVEN version =3.11.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.mongodb:mongodb-driver-legacy and may be impacted: - org.mongojack:mongojack =2.10.1 - org.openprovenance.prov:prov-service-translation =2.0.4,...
com.airbus-cyber-security.graylog:graylog-plugin-aggregation-count (>=4.0.0 <=4.1.1), com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=4.0.0 <=4.5.0) +38 more potentially affected by CVE-2021-20328 via org.mongodb:mongodb-driver-legacy (>=3.12.0 <=3.12.7)
org.mongodb:mongodb-driver-legacy MAVEN version =3.12.0, =4.0.0, =4.0.0, =4.0.0, =4.0.1, =4.4.1 - com.github.rinoto.mongo:migramongo-core =1.4 - com.github.rinoto.mongo:migramongo-reflections =1.4 - com.github.rinoto.mongo:migramongo-spring =1.4 - com.github.rinoto.mongo:migramongo-spring-web =1....
Moderate: Red Hat Security Advisory: Red Hat Integration Camel-K 1.6 release and security update
A minor version update from 1.4.2 to 1.6 is now available for Red Hat Integration Camel K that includes bug fixes and enhancements. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a...
Moderate: Red Hat Security Advisory: Red Hat Integration Debezium 1.4.2 security update
An update for Debezium MongoDB connector is now available for Red Hat Integration. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Vulnerabilities fixed in MongoDB
Vulnerabilities have been fixed in MongoDB. The vulnerabilities allow an unauthorized remote malicious person to obtain opportunity to obtain sensitive data. The malicious party must perform a successful man-in-the-middle attack that undoes the encryption of data is undone. Exploiting this...
CVE-2021-20328
Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...
CVE-2021-20328
CVE-2021-20328 affects specific versions of the MongoDB Java driver that support Field Level Encryption (CSFLE). The root cause is improper host name verification on the KMS server’s certificate, enabling a privileged MITM attacker to intercept traffic between the Java driver and the KMS service ...