Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
symantecSymantec Security ResponseSMNTC-110617
HistoryAug 30, 2019 - 12:00 a.m.

MongoDB Server CVE-2019-2390 Remote Code Execution Vulnerability

2019-08-3000:00:00
Symantec Security Response
www.symantec.com
52
JSON

Description

MongoDB Server is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause a denial-of-service condition.

Technologies Affected

  • IBM Cloud App Management 2019.2.0
  • MongoDB Mongodb 3.4.1
  • MongoDB Mongodb 3.4.10
  • MongoDB Mongodb 3.4.13
  • MongoDB Mongodb 3.4.17
  • MongoDB Mongodb 3.4.19
  • MongoDB Mongodb 3.4.20
  • MongoDB Mongodb 3.4.21
  • MongoDB Mongodb 3.4.3
  • MongoDB Mongodb 3.4.4
  • MongoDB Mongodb 3.4.5
  • MongoDB Mongodb 3.4.6
  • MongoDB Mongodb 3.4.7
  • MongoDB Mongodb 3.4.8
  • MongoDB Mongodb 3.4.9
  • MongoDB Mongodb 3.6.1
  • MongoDB Mongodb 3.6.10
  • MongoDB Mongodb 3.6.11
  • MongoDB Mongodb 3.6.12
  • MongoDB Mongodb 3.6.13
  • MongoDB Mongodb 3.6.5
  • MongoDB Mongodb 3.6.7
  • MongoDB Mongodb 3.6.8
  • MongoDB Mongodb 3.6.9
  • MongoDB Mongodb 4.0.1
  • MongoDB Mongodb 4.0.10
  • MongoDB Mongodb 4.0.2
  • MongoDB Mongodb 4.0.3
  • MongoDB Mongodb 4.0.4
  • MongoDB Mongodb 4.0.5
  • MongoDB Mongodb 4.0.6
  • MongoDB Mongodb 4.0.7
  • MongoDB Mongodb 4.0.8
  • MongoDB Mongodb 4.0.9

Recommendations

Block external access at the network boundary, unless external parties require service.
If global access isn’t needed, block access at the network perimeter to computers hosting the vulnerable application.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity such as unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.

Do not accept or execute files from untrusted or unknown sources.
To limit exposure to these and other latent vulnerabilities, never handle files that originate from unfamiliar or untrusted sources.

Do not follow links provided by unknown or untrusted sources.
To reduce the likelihood of attacks, never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources.

Updates are available. Please see the references or vendor advisory for more information.

Related

mongodb 1
cvelist 1
openvas 1
prion 1
freebsd 1
cve 1
nessus 1
ibm 2
mongodb
mongodb
CVE-2019-2390
2019-08-30 12:47:51
cvelist
cvelist
Code execution on Windows via OpenSSL engine injection
2019-08-30 14:41:19
openvas
openvas
MongoDB 3.4 < 3.4.22, 3.6 < 3.6.14, 4.0 < 4.0.11 Code Execution Vulnerability - Windows
2019-09-03 00:00:00
prion
prion
Default configuration
2019-08-30 15:15:00
freebsd
freebsd
mongodb -- Bump Windows package dependencies
2019-08-06 00:00:00
cve
cve
CVE-2019-2390
2019-08-30 15:15:00
nessus
nessus
FreeBSD : mongodb -- Bump Windows package dependencies (fd2e0ca8-e3ae-11e9-8af7-08002720423d)
2019-10-14 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in MongoDB server affect IBM Cloud App Management
2019-10-23 16:05:11
Security Bulletin: A Security Vulnerability affects IBM Cloud Private Core Services (CVE-2019-2390, CVE-2019-2389)
2019-11-23 14:47:19
JSON
Related for SMNTC-110617
mongodb1cvelist1openvas1prion1freebsd1cve1nessus1ibm2