Lucene search
+L

11 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/06/20 8:41 p.m.30 views

Security Bulletin: IBM Security Guardium is affected by a mongodb-driver-legacy-4.1.1.jar vulnerability (CVE-2021-20328)

Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID: CVE-2021-20328 DESCRIPTION: MongoDB Java driver is vulnerable to a man-in-the-middle attack, caused by improper host name verification on the KMS server's certificate. An attacker could exploit this...

6.8CVSS1.3AI score0.00432EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/24 10:28 p.m.10 views

com.credibledoc:log-labelizer (>=1.0.40 <=1.0.51), com.github.gustavodsf:javers-persistence-mongo (>=5.15.0 <=5.16.0) +61 more potentially affected by CVE-2021-20328 via org.mongodb:mongodb-driver-legacy (>=4.1.0 <=4.1.1)

org.mongodb:mongodb-driver-legacy MAVEN version =4.1.0, =1.0.40, =5.15.0, =5.15.0, =5.15.0, =1.5, =1.5, =1.5, =1.5, =1.2.2, =1.2.2, =1.2.3 - dev.morphia.morphia:core =1.6.1 - dev.morphia.morphia:entityscanner-plug =1.6.1 - dev.morphia.morphia:guice-plug =1.6.1 - dev.morphia.morphia:logging-slf4j...

6.8CVSS6.7AI score0.00432EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/24 10:28 p.m.5 views

com.coditory.sherlock:sherlock-mongo-sync (=0.4.3), com.hazelcast.jet.contrib:mongodb (=0.2) +22 more potentially affected by CVE-2021-20328 via org.mongodb:mongodb-driver-sync (>=3.11.0 <=3.11.2)

org.mongodb:mongodb-driver-sync MAVEN version =3.11.0, =0.0.1, =2.1.18, =2.1.18, =2.1.18, =2.0.0, =2.0.0, =2.0.0, =5.0.20.RC, =1.6.1, =3.11.0, =3.11.2 - org.mongojack:mongojack =2.10.1 and more Source cves: CVE-2021-20328 Source advisory: OSV:GHSA-RGHW-6PX2-FGWC...

6.8CVSS6.7AI score0.00432EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/24 10:28 p.m.6 views

ai.tock:bot-test (=20.9.3), ai.tock:bot-test-base (=20.9.3) +64 more potentially affected by CVE-2021-20328 via org.mongodb:mongodb-driver-sync (=4.2.0)

org.mongodb:mongodb-driver-sync MAVEN version =4.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.mongodb:mongodb-driver-sync and may be impacted: - ai.tock:bot-test =20.9.3 - ai.tock:bot-test-base =20.9.3 - ai.tock:bot-toolkit =20.9.3 -...

6.8CVSS6.7AI score0.00432EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/24 10:28 p.m.6 views

org.mongojack:mongojack (=2.10.1), org.openprovenance.prov:prov-service-translation (>=2.0.4 <=2.2.1) +6 more potentially affected by CVE-2021-20328 via org.mongodb:mongodb-driver-legacy (=3.11.0)

org.mongodb:mongodb-driver-legacy MAVEN version =3.11.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.mongodb:mongodb-driver-legacy and may be impacted: - org.mongojack:mongojack =2.10.1 - org.openprovenance.prov:prov-service-translation =2.0.4,...

6.8CVSS6.7AI score0.00432EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/24 10:28 p.m.5 views

com.airbus-cyber-security.graylog:graylog-plugin-aggregation-count (>=4.0.0 <=4.1.1), com.airbus-cyber-security.graylog:graylog-plugin-alert-wizard (>=4.0.0 <=4.5.0) +38 more potentially affected by CVE-2021-20328 via org.mongodb:mongodb-driver-legacy (>=3.12.0 <=3.12.7)

org.mongodb:mongodb-driver-legacy MAVEN version =3.12.0, =4.0.0, =4.0.0, =4.0.0, =4.0.1, =4.4.1 - com.github.rinoto.mongo:migramongo-core =1.4 - com.github.rinoto.mongo:migramongo-reflections =1.4 - com.github.rinoto.mongo:migramongo-spring =1.4 - com.github.rinoto.mongo:migramongo-spring-web =1....

6.8CVSS6.7AI score0.00432EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2021/12/02 4:17 p.m.53 views

Moderate: Red Hat Security Advisory: Red Hat Integration Camel-K 1.6 release and security update

A minor version update from 1.4.2 to 1.6 is now available for Red Hat Integration Camel K that includes bug fixes and enhancements. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a...

9.9CVSS7.5AI score0.98124EPSS
Exploits27References35
RedHat Linux
RedHat Linux
added 2021/03/16 11:57 a.m.75 views

Moderate: Red Hat Security Advisory: Red Hat Integration Debezium 1.4.2 security update

An update for Debezium MongoDB connector is now available for Red Hat Integration. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

6.8CVSS6.8AI score0.00432EPSS
Exploits0References3
NCSC
NCSC
added 2021/02/26 12:0 a.m.46 views

Vulnerabilities fixed in MongoDB

Vulnerabilities have been fixed in MongoDB. The vulnerabilities allow an unauthorized remote malicious person to obtain opportunity to obtain sensitive data. The malicious party must perform a successful man-in-the-middle attack that undoes the encryption of data is undone. Exploiting this...

6.8CVSS6.5AI score0.00432EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2021/02/25 5:15 p.m.34 views

CVE-2021-20328

Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

6.8CVSS6.8AI score0.00432EPSS
Exploits0References2
CVE
CVE
added 2021/02/25 4:30 p.m.147 views

CVE-2021-20328

CVE-2021-20328 affects specific versions of the MongoDB Java driver that support Field Level Encryption (CSFLE). The root cause is improper host name verification on the KMS server’s certificate, enabling a privileged MITM attacker to intercept traffic between the Java driver and the KMS service ...

6.8CVSS6.4AI score0.00432EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder