As of December 12, 6pm ET, the following is the status of MongoDB investigation :
| Product |
Status |
| MongoDB Atlas Search |
Affected and patched.
No evidence of exploitation or indicators of compromise prior to the patch were discovered. |
| All other components of MongoDB Atlas (including Atlas Database, Data Lake, Charts) |
Not affected |
| MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators) |
Not affected |
| MongoDB Community Edition (including Community Server, Cloud Manager, Community Kubernetes Operators) |
Not affected |
| MongoDB Drivers |
Not affected |
| MongoDB Tools (including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors) |
Not affected |
| MongoDB Realm (including Realm Database, Sync, Functions, APIs) |
Not affected |
This vulnerability continues to be exploited in the wild; we encourage any customers who manage environments containing Log4j to update to the latest version as soon as possible.
If you have any questions, please visit the MongoDB Community Forums. If you subscribed the support with IBM and have questions related to your deployments, please open a support case with IBM Support.
Note : This blog is reproduction of below post on mongodb.com :
https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb