{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T17:49:35.741","vulnerabilities":[{"cve":{"id":"CVE-2020-7924","sourceIdentifier":"cna@mongodb.com","published":"2021-04-12T17:15:13.350","lastModified":"2024-11-21T05:38:01.257","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates.This issue affects: MongoDB Inc. MongoDB Database Tools 3.6 versions later than 3.6.5; 3.6 versions prior to 3.6.21; 4.0 versions prior to 4.0.21; 4.2 versions prior to 4.2.11; 100 versions prior to 100.2.0. MongoDB Inc. Mongomirror 0 versions later than 0.6.0."},{"lang":"es","value":"El uso de un parámetro de línea de comando específico en MongoDB Tools, que originalmente estaba destinado a omitir las comprobaciones de nombre de host, puede resultar que MongoDB omita toda la comprobación de certificados. Esto puede resultar en la aceptación de certificados no válidos. Este problema afecta a: MongoDB Inc. MongoDB Database Tools versiones 3.6 posteriores a 3.6.5; versiones 3.6 anteriores a 3.6.21; versiones 4.0 anteriores a 4.0.21; versiones 4.2 anteriores a 4.2.11; versiones 100 versiones anteriores a 100.2.0. MongoDB Inc. Mongomirror versiones 0 posteriores a 0.6.0"}],"metrics":{"cvssMetricV31":[{"source":"cna@mongodb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@mongodb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:database_tools:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6.5","versionEndExcluding":"3.6.21","matchCriteriaId":"A0255916-D8D6-4F54-A52E-6851A08A940E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:database_tools:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.0.21","matchCriteriaId":"46F9093A-A7D0-41E7-99CD-A82ED491CF09"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:database_tools:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2.0","versionEndExcluding":"4.2.11","matchCriteriaId":"3094DE0B-DF1A-45E9-BE6C-E06B19100DAB"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:database_tools:*:*:*:*:*:*:*:*","versionStartIncluding":"100.0.0","versionEndExcluding":"100.2.0","matchCriteriaId":"3309683F-1145-429F-A7C5-077CA01FD6F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:mongodb:mongomirror:*:*:*:*:*:*:*:*","versionEndExcluding":"0.6.0","matchCriteriaId":"04758A73-E28C-4DE1-B651-0B1FD692868F"}]}]}],"references":[{"url":"https://jira.mongodb.org/browse/TOOLS-2587","source":"cna@mongodb.com","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://jira.mongodb.org/browse/TOOLS-2587","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]}]}}]}