VID |
25319 |
Severity |
40 |
Port |
27017 |
Protocol |
TCP |
Class |
DB |
Detailed Description |
The version of the remote MongoDB server is 3.1.x prior to 3.1.9. It is, therefore, affected by an unspecified flaw in LDAP authentication. An attacker may exploit this to gain unauthorized access to a MongoDB instance or cluster.
* References: https://jira.mongodb.org/browse/SERVER-20691
* Platforms Affected: MongoDB 3.1.x prior to 3.1.9 Any operating system Any version |
Recommendation |
Upgrade to the latest version of MongoDB(3.1.9 or later), available from the MongoDB Web page at https://www.mongodb.com/download-center/community |
Related URL |
CVE-2015-7882 (CVE) |
Related URL |
(SecurityFocus) |
Related URL |
(ISS) |
|