Mongodb: >> Mongodb >> 4.3.0 Security Vulnerabilities
Improper serialization of internal state in the authorization subsystem in MongoDB Server's authorization subsystem permits a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action. This issue affects MongoDB Server v4.2 versions prior to 4.2.3; MongoDB Server v4.0 versions prior to 4.0.15; MongoDB Server v4.3 versions prior to 4.3.3and MongoDB Server v3.6 versions prior to 3.6.18.
CVSS Score
4.6
EPSS Score
0.001
Published
2020-05-06
MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service.
CVSS Score
5.5
EPSS Score
0.0
Published
2017-06-06