An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to modify these entries and set the executable path and parameters.
References
Configurations
Configuration 1 (hide)
|
History
08 Aug 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Aug 2023, 01:30
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-22 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
First Time |
Vocera
Vocera report Server Vocera voice Server |
|
References | (MISC) https://www.stryker.com/us/en/about/governance/cyber-security/product-security/ - Not Applicable | |
CPE | cpe:2.3:a:vocera:report_server:*:*:*:*:*:*:*:* cpe:2.3:a:vocera:voice_server:*:*:*:*:*:*:*:* |
25 Jul 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-25 20:15
Updated : 2024-10-29 14:35
NVD link : CVE-2022-46900
Mitre link : CVE-2022-46900
CVE.ORG link : CVE-2022-46900
JSON object : View
Products Affected
vocera
- voice_server
- report_server
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')