How severe is CVE-2024-8207?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2024-8207?

This is classified as CWE-114, which is a common weakness in software security.

CVE-2024-8207 - MEDIUM Severity | CVSS 6.7

Vulnerability Description

In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3. Required Configuration: Only environments with Linux as the underlying operating system is affected by this issue

Related Vulnerabilities

CVE-2020-6014

MEDIUM

CVSS:6.5(Medium)

Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. An att...

CWE-1142020

CVE-2019-8461

HIGH

CVSS:7.8(High)

Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can lever...

CWE-1142019

CVE-2020-6024

HIGH

CVSS:7.8(High)

Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation d...

CWE-1142020

CVE-2020-8107

HIGH

CVSS:7.8(High)

A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. This issue affects: Bit...

CWE-1142020

CVE-2022-23748

HIGH

CVSS:7.8(High)

mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker co...

CWE-1142022

CVE-2023-40299

HIGH

CVSS:7.8(High)

Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable.

CWE-1142023