The host is installed with MongoDB 4.0 before 4.0.9, 3.6 before 3.6.13 or 3.4 before 3.4.22 and is prone to an improper authorization vulnerability. A flaw is present in the application which fails to validate authorization of sessions. Successful exploitation allows an attacker to access data by reusing deleted account names.