MongoDB products must be a supported version.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-265952 | MD7X-00-009300 | SV-265952r1028821_rule | High |
| Description |
| Unsupported commercial and database systems should not be used because fixes to newly identified bugs will not be implemented by the vendor. The lack of support can result in potential vulnerabilities. Systems at unsupported servicing levels or releases will not receive security updates for new vulnerabilities, which leaves them subject to exploitation. When maintenance updates and patches are no longer available, the database software is no longer considered supported and should be upgraded or decommissioned. |
| STIG | Date |
| MongoDB Enterprise Advanced 7.x Security Technical Implementation Guide | 2024-09-27 |
Details
| Check Text (C-69870r1028820_chk) |
| Review the current version of MongoDB running on the system. Run the following command from the OS command line and review the "db version" listed in the output: $ mongod --version | grep "db version" Compare the version from the output to the supported version matrix here: https://www.mongodb.com/support-policy/lifecycles If the version output in the above command has reached its "End of Life Date" shown in the matrix, this is a finding. |
| Fix Text (F-69774r1028641_fix) |
| Ensure a license agreement is still in effect and, if so, upgrade to a supported version of MongoDB. Each major release of MongoDB has upgrade instructions. Follow the upgrade path/procedures for the version and configuration (standalone, replica set, sharded) of MongoDB accordingly. If the license agreement with MongoDB has lapsed, contact MongoDB to license the use of a supported version. |