How severe is CVE-2021-20335?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2021-20335?

This is classified as CWE-319, which is a common weakness in software security.

CVE-2021-20335 - MEDIUM Severity | CVSS 4.6

Vulnerability Description

For MongoDB Ops Manager versions prior to and including 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager versions prior to and including 4.4.12 triggers a bug where Automation thinks SSL is being turned off, and can disable SSL temporarily for members of the cluster. This issue is temporary and eventually corrects itself after MongoDB Ops Manager instances have finished upgrading to MongoDB Ops Manager 4.4. In addition, customers must be running with clientCertificateMode=OPTIONAL / allowConnectionsWithoutCertificates=true to be impacted*.* Customers upgrading from Ops Manager 4.2.X to 4.2.24 and finally to Ops Manager 4.4.13+ are unaffected by this issue.

Related Vulnerabilities

CVE-2024-31799

MEDIUM

CVSS:4.6(Medium)

Information Disclosure in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to read the WiFi passphrase via the UART Debugging Port.

CWE-3192024

CVE-2024-41927

MEDIUM

CVSS:4.6(Medium)

Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained...

CWE-3192024

CVE-2021-23896

MEDIUM

CVSS:4.5(Medium)

Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted password...

CWE-3192021

CVE-2020-7744

MEDIUM

CVSS:4.7(Medium)

This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google urls ei...

CWE-3192020

CVE-2025-43704

MEDIUM

CVSS:4.7(Medium)

Arctera/Veritas Data Insight before 7.1.2 can send cleartext credentials when configured to use HTTP Basic Authentication to a Dell Isilon OneFS server.

CWE-3192025

CVE-2021-39077

MEDIUM

CVSS:4.4(Medium)

IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.

CWE-3192021