This is not the latest report. Click
here to view the latest report.
CVSS v3.1 Statistics for MongoDB, Inc. as of 10/17/2020
8
64
8
50
Reference
0-69.9%
|
Reference |
78.1
Contributor
70-94.9%
Provider
95-100%
CVE | CNA Value | Alignment | NIST Value | Reason |
---|---|---|---|---|
CVE-2019-2386 (8 of 8) | Attack Vector (AV) Network | Attack Vector (AV) Network | ||
Attack Complexity (AC) High | Attack Complexity (AC) High | |||
Privileges Required (PR) Low | Privileges Required (PR) Low | |||
User Interaction (UI) Required | User Interaction (UI) Required | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) High | Confidentiality (C) High | |||
Integrity (I) High | Integrity (I) High | |||
Availability (A) High | Availability (A) High | |||
CVE-2019-2388 (7 of 8) | Attack Vector (AV) Network | Attack Vector (AV) Network | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) None | Privileges Required (PR) None | |||
User Interaction (UI) None | User Interaction (UI) None | |||
Scope (S) Changed | ≠ | Scope (S) Unchanged | Unclear if Scope change occurs. No identification of security boundaries being crossed. | |
Confidentiality (C) Low | Confidentiality (C) Low | |||
Integrity (I) None | Integrity (I) None | |||
Availability (A) None | Availability (A) None | |||
CVE-2019-2389 (5 of 8) | Attack Vector (AV) Local | Attack Vector (AV) Local | ||
Attack Complexity (AC) High | ≠ | Attack Complexity (AC) Low | ||
Privileges Required (PR) Low | ≠ | Privileges Required (PR) High | ||
User Interaction (UI) Required | User Interaction (UI) Required | |||
Scope (S) Changed | ≠ | Scope (S) Unchanged | ||
Confidentiality (C) None | Confidentiality (C) None | |||
Integrity (I) None | Integrity (I) None | |||
Availability (A) High | Availability (A) High | |||
CVE-2019-2390 (6 of 8) | Attack Vector (AV) Local | Attack Vector (AV) Local | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) Low | ≠ | Privileges Required (PR) None | No privileges needed by attacker identified by NVD analyst | |
User Interaction (UI) Required | User Interaction (UI) Required | |||
Scope (S) Changed | ≠ | Scope (S) Unchanged | Unclear if Scope change occurs. No identification of security boundaries being crossed. | |
Confidentiality (C) High | Confidentiality (C) High | |||
Integrity (I) High | Integrity (I) High | |||
Availability (A) High | Availability (A) High | |||
CVE-2019-2391 (7 of 8) | Attack Vector (AV) Network | Attack Vector (AV) Network | ||
Attack Complexity (AC) High | ≠ | Attack Complexity (AC) Low | Assessment performed prior to CVMAP efforts | |
Privileges Required (PR) Low | Privileges Required (PR) Low | |||
User Interaction (UI) None | User Interaction (UI) None | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) Low | Confidentiality (C) Low | |||
Integrity (I) Low | Integrity (I) Low | |||
Availability (A) None | Availability (A) None | |||
CVE-2020-7921 (4 of 8) | Attack Vector (AV) Network | Attack Vector (AV) Network | ||
Attack Complexity (AC) Low | ≠ | Attack Complexity (AC) High | Implementation specific secrets must be overcome | |
Privileges Required (PR) Low | Privileges Required (PR) Low | |||
User Interaction (UI) Required | ≠ | User Interaction (UI) None | Assessment performed prior to CVMAP efforts | |
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) Low | ≠ | Confidentiality (C) None | Assessment performed prior to CVMAP efforts | |
Integrity (I) Low | ≠ | Integrity (I) High | Assessment performed prior to CVMAP efforts | |
Availability (A) None | Availability (A) None | |||
CVE-2020-7922 (5 of 8) | Attack Vector (AV) Adjacent Network | ≠ | Attack Vector (AV) Network | Assessment performed prior to CVMAP efforts |
Attack Complexity (AC) High | ≠ | Attack Complexity (AC) Low | Assessment performed prior to CVMAP efforts | |
Privileges Required (PR) Low | Privileges Required (PR) Low | |||
User Interaction (UI) None | User Interaction (UI) None | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) High | Confidentiality (C) High | |||
Integrity (I) High | ≠ | Integrity (I) None | Assessment performed prior to CVMAP efforts | |
Availability (A) None | Availability (A) None | |||
CVE-2020-7923 (8 of 8) | Attack Vector (AV) Network | Attack Vector (AV) Network | ||
Attack Complexity (AC) Low | Attack Complexity (AC) Low | |||
Privileges Required (PR) Low | Privileges Required (PR) Low | |||
User Interaction (UI) None | User Interaction (UI) None | |||
Scope (S) Unchanged | Scope (S) Unchanged | |||
Confidentiality (C) None | Confidentiality (C) None | |||
Integrity (I) None | Integrity (I) None | |||
Availability (A) High | Availability (A) High |