V-279391
MongoDB Enterprise Advanced 8.x Security Technical Implementation Guide
Title
When updates are applied to MongoDB software, any software components that have been replaced or made unnecessary must be removed.
Description
<VulnDiscussion>Previous versions of database management system (DBMS) components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some DBMS installation tools may remove older versions of software automatically from the information system. In other cases, manual review and removal will be required. In planning installations and upgrades, organizations must include steps (automated, manual, or both) to identify and remove the o...
Fix Text (Documentation Requirement)
It is recommended to use the official installation packages provided by MongoDB. In the event the software was installed manually and permissions need to be restricted, consider a clean reinstallation. Review this organizational or site-specific document to determine how and where MongoDB is to be installed on the system. Using this documentation, verify that MongoDB has been installed on the system prior to upgrading. To verify the version of MongoDB Enterprise Server, run the following command in the directory where the MongoDB executable binary has been placed according to the organizational or site-specific documentation. > cd <mongod binary directory> > ./mongod --version The output will show the version and architecture of the MongoDB Server binary similar to the following: db ...