The host is installed with Couchbase Server 7.x before 7.0.4 and is prone to an incorrect default permissions vulnerability. A flaw is present in the application, which fails to properly handle issues in collection-level permission in RBAC role. Successful exploitation could allows user with the role to access the collection even though their permission should have been removed when the collection was deleted.