3 matches found
CVE-2021-20335
CVE-2021-20335 affects MongoDB Ops Manager versions up to 4.2.24 and up to 4.4.12 when SSL is enabled for MongoDB processes; during upgrade, Automation may temporarily disable SSL on cluster members due to a bug, until upgrades complete. Impact requires clientCertificateMode=OPTIONAL or allowConn...
CVE-2020-7927
CVE-2020-7927 affects MongoDB Ops Manager; a specially crafted API call can let an authenticated user with Organization Owner privilege obtain an API key with Global Role privilege. Affected releases include Ops Manager v4.2.x up to 4.2.17, v4.3.x up to 4.3.9, and v4.4.x up to 4.4.2. The issue is...
CVE-2019-2388
CVE-2019-2388 corresponds to an information-disclosure issue in MongoDB Ops Manager. Affected versions: MongoDB Ops Manager 4.0.9–4.0.10 and 4.1.5. The root cause is an exposed HTTP route that can allow an attacker to view a specific access log from a publicly exposed Ops Manager instance. Impact...