IBM Security Bulletin: a vulnerability in MongoDB affects IBM Performance Management products (CVE-2016-6494)
MongoDB could allow a local attacker to obtain sensitive information, caused by incorrect file permissions on .dbshell history files. An attacker could exploit this vulnerability to obtain sensitive information from .dbshell history files.
CVE(s): CVE-2016-6494
Affected product(s) and affected version(s):
IBM Monitoring 8.1.2 and 8.1.3
IBM Application Diagnostics 8.1.2 and 8.1.3
IBM Application Performance Management 8.1.2 and 8.1.3
IBM Application Performance Management Advanced 8.1.2 and 8.1.3
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2gqq8pg
X-Force Database: http://ift.tt/2g3UA4D
from IBM Product Security Incident Response Team http://ift.tt/2gqxngX