Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mongodb ops manager vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2019-2388
In affected Ops Manager versions there is an exposed http route was that may allow malicious users to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1...
Mongodb Ops Manager 4.0.9
Mongodb Ops Manager 4.0.10
Mongodb Ops Manager 4.1.5
4.6
CVSSv3
CVE-2021-20335
For MongoDB Ops Manager versions prior to and including 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager versions prior to and including 4.4.12 triggers a bug where Automation thinks SSL is being...
Mongodb Ops Manager
6.5
CVSSv3
CVE-2020-7927
Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and i...
Mongodb Ops Manager
5.3
CVSSv3
CVE-2023-0342
MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 before 5.0.21 and MongoDB Ops Manager v6.0 before 6.0.12
Mongodb Ops Manager Server
7.2
CVSSv3
CVE-2023-4009
In MongoDB Ops Manager v5.0 before 5.0.22 and v6.0 before 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation.
Mongodb Ops Manager Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started