MD4X-00-006500 - MongoDB products must be a version supported by the vendor.

Information

Unsupported commercial and database systems should not be used because fixes to newly identified bugs will not be implemented by the vendor. The lack of support can result in potential vulnerabilities.

Systems at unsupported servicing levels or releases will not receive security updates for new vulnerabilities, which leaves them subject to exploitation.

When maintenance updates and patches are no longer available, the database software is no longer considered supported and should be upgraded or decommissioned.

Solution

Remove or decommission all unsupported software products.

Upgrade unsupported DBMS or unsupported components to a supported version of the product.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MDB_Enterprise_Advanced_4-x_V1R1_STIG.zip

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-2c., CAT|II, CCI|CCI-002605, Rule-ID|SV-252184r813934_rule, STIG-ID|MD4X-00-006500, Vuln-ID|V-252184

Plugin: MongoDB

Control ID: 87b49c4d6c2ff78dd59b49b928ad2b0cc59a42cedeb78c26fe6df9630d32a1dd