Security vulnerability in MongoDB 3.4 and 3.6

  • Description

    In MongoDB Enterprise, when a Mongo server accepts authentication attempts via the PLAIN mechanism on the $external database and is configured to use the Cyrus SASL GSSAPI mechanism for LDAP binding, passwords are not validated.
    You can find more details on the MongoDB site: https://jira.mongodb.org/browse/SERVER-35610.

    • For Sitecore XP 8.2 Update-6 and Update-7, upgrade your MongoDB server to 3.4.16 version.
    • For Sitecore XP 9.0 Update-2, upgrade your MongoDB server to 3.6.6 version.

Applies to:

CMS 8.2 Update-6, 8.2 Update-7, 9.0 Update-2

August 23, 2018
August 23, 2018

Reference number:

232727