CVE-2019-2388

Potential exposure of log information in Ops Manager

CVSS 5.8 MEDIUMEPSS 1.0%CWE-425

In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Produtos afetados

MongoDB Inc. · MongoDB Ops Manager

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-4.0.11