cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-4009,https://securityvulnerability.io/vulnerability/CVE-2023-4009,Privilege Escalation for Project Owner and Project User Admin Roles in Ops Manager,"An authenticated user with project owner or project user admin access in MongoDB Ops Manager versions prior to 5.0.22 and 6.0.17 can exploit a vulnerability to generate an API key with org owner privileges. This allows for unauthorized access and potential manipulation of data, posing a significant security risk. Organizations using affected versions should promptly update to mitigate this concern.",MongoDB,Mongodb Ops Manager,7.2,HIGH,0.0017600000137463212,false,false,false,false,,false,false,2023-08-08T09:15:00.000Z,0
CVE-2023-0342,https://securityvulnerability.io/vulnerability/CVE-2023-0342,MongoDB Ops Manager may disclose sensitive information in Diagnostic Archive,"MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12

",MongoDB,"MongoDB Ops Manager ",5.3,MEDIUM,0.011789999902248383,false,false,false,false,,false,false,2023-06-09T00:00:00.000Z,0
CVE-2021-20335,https://securityvulnerability.io/vulnerability/CVE-2021-20335,SSL may be unexpectedly disabled during upgrade of multiple-server MongoDB Ops Manager,"For MongoDB Ops Manager versions prior to and including 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager versions prior to and including 4.4.12 triggers a bug where Automation thinks SSL is being turned off, and can disable SSL temporarily for members of the cluster. This issue is temporary and eventually corrects itself after MongoDB Ops Manager instances have finished upgrading to MongoDB Ops Manager 4.4. In addition, customers must be running with clientCertificateMode=OPTIONAL / allowConnectionsWithoutCertificates=true to be impacted*.* Customers upgrading from Ops Manager 4.2.X to 4.2.24 and finally to Ops Manager 4.4.13+ are unaffected by this issue.",MongoDB,Mongodb Ops Manager,4.6,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2021-02-11T00:00:00.000Z,0
CVE-2020-7927,https://securityvulnerability.io/vulnerability/CVE-2020-7927,Potential privilege escalation in Ops Manager API,"Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 and MongoDB Ops Manager v4.4 versions prior to and including 4.4.2.",MongoDB,Mongodb Ops Manager,6.5,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2020-11-23T19:15:00.000Z,0
CVE-2019-2388,https://securityvulnerability.io/vulnerability/CVE-2019-2388,Potential exposure of log information in Ops Manager,"In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5.

",MongoDB,Mongodb Ops Manager,5.8,MEDIUM,0.0008399999933317304,false,false,false,false,,false,false,2020-05-13T16:15:13.000Z,0