Lucene search
K

5 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2019/11/23 2:27 p.m.20 views

Security Bulletin: A Security Vulnerability affects IBM Cloud Private Core Services (CVE-2019-2386)

Summary A Security Vulnerability affects IBM Cloud Private Core Services Vulnerability Details CVEID: CVE-2019-2386 DESCRIPTION: MongoDB Server could allow a remote authenticated attacker to bypass security restrictions, caused by improper session management. By reusing an established session of...

7.1CVSS0.7AI score0.01225EPSS
Exploits1Affected Software1
OpenVAS
OpenVAS
added 2019/08/09 12:0 a.m.44 views

MongoDB 3.4 < 3.4.22, 3.6 < 3.6.13, 4.0 < 4.0.9, 4.1 < 4.1.9 User Session Vulnerability - Linux

MongoDB is prone to a vulnerability where after user deletion the improper invalidation of authorization sessions allows an authenticated user SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

7.1CVSS6.7AI score0.01225EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2019/08/09 12:0 a.m.20 views

MongoDB 3.4 < 3.4.22, 3.6 < 3.6.13, 4.0 < 4.0.9, 4.1 < 4.1.9 User Session Vulnerability - Windows

MongoDB is prone to a vulnerability where after user deletion the improper invalidation of authorization sessions allows an authenticated user SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

7.1CVSS6.7AI score0.01225EPSS
Exploits1References2
NVD
NVD
added 2019/08/06 7:15 p.m.11 views

CVE-2019-2386

After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects MongoDB Server v4.0 versions prior to 4.0.9;...

7.1CVSS6.7AI score0.01225EPSS
Exploits1References2
CVE
CVE
added 2019/08/06 6:32 p.m.314 views

CVE-2019-2386

CVE-2019-2386 affects MongoDB Server: after user deletions, improper invalidation of authorization sessions can allow a previously active session to persist and merge with new accounts if names are reused. Impact details in the sources indicate affected versions are MongoDB Server v4.0 before 4.0...

7.1CVSS6.9AI score0.01225EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder