MongoDB · MongoDB Server · CVE-2020-7921
**Name of the Vulnerable Software and Affected Versions**
MongoDB Server versions 3.6.0 through 3.6.17
MongoDB Server versions 4.0.0 through 4.0.14
MongoDB Server versions 4.2.0 through 4.2.2
MongoDB Server versions 4.3.0 through 4.3.2
**Description**
The authorization subsystem improperly serializes internal state, which allows a user with valid credentials to bypass IP whitelisting protection mechanisms following administrative action.
**Recommendations**
For MongoDB Server versions 3.6.0 through 3.6.17, update to version 3.6.18 or later.
For MongoDB Server versions 4.0.0 through 4.0.14, update to version 4.0.15 or later.
For MongoDB Server versions 4.2.0 through 4.2.2, update to version 4.2.3 or later.
For MongoDB Server versions 4.3.0 through 4.3.2, update to version 4.3.3 or later.
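
The following is an added example, not part of the original advisory or MongoDB's own code: a version triage for a server inventory using the affected ranges and fixed releases listed above. The function names, the status labels and the sample hostnames are assumptions made for illustration.

```python
import re

# Affected ranges from this advisory, per release series:
# (major, minor) -> (last affected patch, first fixed patch)
AFFECTED = {
    (3, 6): (17, 18),
    (4, 0): (14, 15),
    (4, 2): (2, 3),
    (4, 3): (2, 3),
}

def parse_version(text):
    """Extract (major, minor, patch) from strings such as 'db version v4.0.12'."""
    # Assumption: any suffix after the patch number (e.g. '-rc0') is ignored.
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(p) for p in m.groups())

def assess(text):
    """Return (status, fixed_version_or_None) for one reported server version."""
    major, minor, patch = parse_version(text)
    if (major, minor) not in AFFECTED:
        # The advisory does not cover other series; do not report them as safe.
        return ("not-listed", None)
    last_bad, first_fixed = AFFECTED[(major, minor)]
    fixed = f"{major}.{minor}.{first_fixed}"
    return ("affected" if patch <= last_bad else "fixed", fixed)

def triage(inventory):
    """Map host -> assessment for a {host: version string} inventory."""
    return {host: assess(version) for host, version in inventory.items()}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "db-a.example.internal": "db version v3.6.17",
    "db-b.example.internal": "4.0.15",
    "db-c.example.internal": "4.2.0",
    "db-d.example.internal": "3.4.24",
}

if __name__ == "__main__":
    for host, (status, fixed) in triage(SAMPLE).items():
        hint = f" (update to {fixed} or later)" if status == "affected" else ""
        print(f"{host}: {status}{hint}")
```

A `not-listed` result means the series does not appear in this advisory, so it needs a separate check rather than being treated as unaffected.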