CVE-2019-2388

Summary

In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5.

Affected Software

VendorProductVersion RangeStatus
MongoDB Inc.MongoDB Ops Manager4.0.9affected
MongoDB Inc.MongoDB Ops Manager4.0.10affected
MongoDB Inc.MongoDB Ops Manager4.1.5affected

Weaknesses

  • CWE-425: CWE-425 Direct Request (Forced Browsing)

ADP Enrichment

CVE Program Container

Additional References

References