CVE-2019-2388

MEDIUM

MongoDB Ops Manager <4.0.9-4.1.5 - Info Disclosure

Title source: llm

Description

In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5.

References (1)

[Various Sources] https://www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-4.0.11

Scores

CVSS v3 5.8

EPSS 0.0029

EPSS Percentile 51.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Details

CWE

CWE-425

Status published

Products (3)

mongodb/ops_manager 4.0.9

mongodb/ops_manager 4.0.10

mongodb/ops_manager 4.1.5

Published May 13, 2020

Tracked Since Feb 18, 2026