The unauthorized access vulnerability in MongoDB is one of the urgent vulnerabilities managed by Security Center. Attackers may exploit this vulnerability to remotely access MongoDB. This may cause data leaks or ransomware attacks. We recommend that you check for and fix these vulnerabilities as soon as possible based on the suggestions provided by Security Center.

Prerequisites

  • You agree to Urgent Vulnerability Detection Protocol and have authorized Security Center to check for urgent vulnerabilities.
  • The Security Center agent has been installed. For more information, see Install the Security Center agent.

Procedure

  1. Log on to the Security Center console.
  2. ChoosePrecaution > Vulnerabilities > Urgent Vulnerabilities.
  3. On the Urgent Vulnerabilities page, click Check Now on the right. Emergency

    The detection engine begins to work and the vulnerability status is changed to Checking. Please wait a while for the detection to complete.

    Checking for vulnerabilities
  4. Check whether any vulnerability exists.
    After a detection task is complete, you can view the result on the page.
    • The following is a detection result that indicates vulnerabilities:
      Figure 1. MongoDB vulnerabilities detected
      MongoDB vulnerabilities detected
    • The following is a detection result that indicates no vulnerability:
      Figure 2. No MongoDB vulnerabilities detected
      No MongoDB vulnerabilities detected
  5. View the details of the detection result.
    Figure 3. Vulnerabilities
    Vulnerabilities
    Figure 4. Vulnerability details
    Vulnerability details
  6. Fix the vulnerabilities.

    Fix the vulnerabilities detected on your server. For more information about vulnerability fixes, see Fix MongoDB vulnerabilities.

  7. Verify the vulnerability fix.
    After the vulnerability is fixed, click Verify to verify the fix.
    Figure 5. Verify vulnerability fix
    Verify vulnerability fix