Quantcast
Channel: MongoDB | Blog
Viewing all articles
Browse latest Browse all 2423

Log4Shell Vulnerability (CVE-2021-44228) and MongoDB

$
0
0

When MongoDB became aware of the Log4Shell vulnerability (CVE-2021-44228), we began investigating our systems to determine whether there had been any impact to them.

As of December 12, 6pm ET, the following is the status of our investigation:


Product Status
MongoDB Atlas Search Affected and patched.
No evidence of exploitation or indicators of compromise prior to the patch were discovered.
All other components of MongoDB Atlas (including Atlas Database, Data Lake, Charts) Not affected
MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators) Not affected
MongoDB Community Edition (including Community Server, Cloud Manager, Community Kubernetes Operators) Not affected
MongoDB Drivers Not affected
MongoDB Tools (including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors) Not affected
MongoDB Realm (including Realm Database, Sync, Functions, APIs) Not affected

This vulnerability continues to be exploited in the wild; we encourage any customers who manage environments containing Log4j to update to the latest version as soon as possible.

We continue to monitor our system and services for any updates. If you have any questions, please visit the MongoDB Community Forums. If you are a MongoDB Commercial Support subscriber and have questions related to your deployments, please open a support case.


Viewing all articles
Browse latest Browse all 2423

Trending Articles