Lucene search
K

123 matches found

MongoDB
MongoDB
added 2021/02/11 12:0 a.m.34 views

SSL may be unexpectedly disabled during upgrade of multiple-server MongoDB Ops Manager

For MongoDB Ops Manager = 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager = 4.4.12 triggers a bug where Automation thinks SSL is being turned off, and can disable SSL temporarily for members of the cluster. This...

6.7CVSS2.2AI score0.00139EPSS
Exploits0References1Affected Software1
MongoDB
MongoDB
added 2020/11/30 12:0 a.m.37 views

Potential privilege escalation in Ops Manager API

Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions 4.2.0-4.2.17, v4.3 versions 4.3.0-4.3.9 and v4.4 versions 4.4.0-4.4.2...

8.1CVSS5.6AI score0.01032EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2020/11/24 1:25 p.m.27 views

CVE-2020-7927

Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 an...

8.1CVSS6.4AI score0.01032EPSS
Exploits0References3
NVD
NVD
added 2020/11/23 7:15 p.m.20 views

CVE-2020-7927

Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 an...

8.1CVSS8AI score0.01032EPSS
Exploits0References1
OSV
OSV
added 2020/11/23 7:15 p.m.5 views

CVE-2020-7927

Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 an...

6.5CVSS5.8AI score0.01032EPSS
Exploits0References1
Prion
Prion
added 2020/11/23 7:15 p.m.19 views

Privilege escalation

Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 an...

4CVSS6.3AI score0.01032EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/11/23 7:0 p.m.66 views

CVE-2020-7927

CVE-2020-7927 affects MongoDB Ops Manager; a specially crafted API call can let an authenticated user with Organization Owner privilege obtain an API key with Global Role privilege. Affected releases include Ops Manager v4.2.x up to 4.2.17, v4.3.x up to 4.3.9, and v4.4.x up to 4.4.2. The issue is...

8.1CVSS6.8AI score0.01032EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/11/23 7:0 p.m.28 views

CVE-2020-7927 Potential privilege escalation in Ops Manager API

Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 an...

8.1CVSS8AI score0.01032EPSS
Exploits0References1
CNNVD
CNNVD
added 2020/11/23 12:0 a.m.7 views

MongoDB Ops Manager Authorization Issues Vulnerability

MongoDB Ops Manager is a solution from MongoDB, Inc. that supports the management, monitoring, and backup of MongoDB deployments. An authorization issue vulnerability exists in MongoDB Ops Manager that stems from a specially designed API call that could allow an authenticated user holding...

8.1CVSS6.6AI score0.01032EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2020/11/23 12:0 a.m.11 views

PT-2020-19852 · Mongodb · Mongodb Ops Manager

Name of the Vulnerable Software and Affected Versions: MongoDB Ops Manager versions prior to and including 4.2.17 MongoDB Ops Manager versions prior to and including 4.3.9 MongoDB Ops Manager versions prior to and including 4.4.2 Description: Specially crafted API calls may allow an authenticated...

8.1CVSS7.1AI score0.01032EPSS
Exploits0References5
CNVD
CNVD
added 2020/05/14 12:0 a.m.5 views

MongoDB Ops Manager Information Disclosure Vulnerability

MongoDB Ops Manager is a MongoDB USA solution that supports managing, monitoring and backing up MongoDB deployments. A security vulnerability exists in MongoDB Ops Manager versions 4.0.9, 4.0.10, and 4.1.5. An attacker could exploit the vulnerability to view specific access logs for publicly...

5.8CVSS6.7AI score0.00999EPSS
Exploits0References1
NVD
NVD
added 2020/05/13 5:15 p.m.15 views

CVE-2019-2388

In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5...

5.8CVSS5.5AI score0.00999EPSS
Exploits0References1
OSV
OSV
added 2020/05/13 5:15 p.m.2 views

CVE-2019-2388

In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5...

5.3CVSS6.1AI score0.00999EPSS
Exploits0References1
Prion
Prion
added 2020/05/13 5:15 p.m.20 views

Design/Logic Flaw

In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5...

5CVSS5.1AI score0.00999EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/05/13 4:15 p.m.59 views

CVE-2019-2388

CVE-2019-2388 corresponds to an information-disclosure issue in MongoDB Ops Manager. Affected versions: MongoDB Ops Manager 4.0.9–4.0.10 and 4.1.5. The root cause is an exposed HTTP route that can allow an attacker to view a specific access log from a publicly exposed Ops Manager instance. Impact...

5.8CVSS5.7AI score0.00999EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/05/13 4:15 p.m.22 views

CVE-2019-2388 Potential exposure of log information in Ops Manager

In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5...

5.8CVSS5.5AI score0.00999EPSS
Exploits0References1
MongoDB
MongoDB
added 2020/05/13 11:0 a.m.37 views

Potential exposure of log information in Ops Manager

In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5...

5.8CVSS5.3AI score0.00999EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2020/05/13 12:0 a.m.7 views

PT-2020-10890 · Mongodb · Mongodb Ops Manager

Name of the Vulnerable Software and Affected Versions: MongoDB Ops Manager versions 4.0.9 through 4.0.10 MongoDB Ops Manager version 4.1.5 Description: The issue affects MongoDB Ops Manager, where an exposed http route may allow attackers to view a specific access log of a publicly exposed Ops...

5.8CVSS5.2AI score0.00999EPSS
Exploits0References5
OSV
OSV
added 2020/01/09 12:15 a.m.4 views

CVE-2019-11292

Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well...

6.5CVSS6.9AI score0.01075EPSS
Exploits0References1
NVD
NVD
added 2020/01/09 12:15 a.m.18 views

CVE-2019-11292

Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. If the query parameters are used to provide authentication, ie. credentials, then they will be logged as well...

8.8CVSS7AI score0.01075EPSS
Exploits0References1
Rows per page
Query Builder