The unauthorized access vulnerability in MongoDB is one of the urgent vulnerabilities that can be detected by Security Center. Attackers may exploit this vulnerability to remotely access MongoDB. This may cause data leaks or ransomware attacks. We recommend that you check for and fix the vulnerability at the earliest opportunity by using the suggestions provided by Security Center.

Prerequisites

  • You have read and agreed to the Urgent Vulnerability Detection Protocol and have authorized Security Center to detect urgent vulnerabilities. If you have already authorized Security Center, skip this prerequisite.
  • The Security Center agent is installed on your server. Without the agent, Security Center cannot detect vulnerabilities. For more information about how to install the Security Center agent, see Install the Security Center agent.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Precaution > Vulnerabilities. Then, click the Emergency tab.
  3. On the Emergency tab, find the required vulnerability and click Check Now in the Actions column.

    The detection engine begins to work, and the vulnerability status changes to Checking. Wait until the detection is complete.

  4. Check whether risks are found.
    After the detection is complete, you can view the results on the page.
    • The following figure shows that risks are found. [Figure: Detection results of the urgent vulnerability]
    • The following figure shows that no risks are found. [Figure: No risks]
  5. View the details of the detected vulnerability.
  6. Fix the vulnerability.

    If the results show risks, fix the vulnerability detected on your server. For more information about how to fix the vulnerability, see Fix MongoDB vulnerabilities.

  7. Verify the vulnerability fix.
    After the vulnerability is fixed, click Verify to verify the fix.