An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to modify these entries and set the executable path and parameters.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:31
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.stryker.com/us/en/about/governance/cyber-security/product-security/ - Not Applicable | |
References | () https://www.stryker.com/us/en/about/governance/cyber-security/product-security/vocera-report-server-vulnerabilities--cve-2022-46898--cve-2022-4.html - |
08 Aug 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Aug 2023, 01:30
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
CPE | cpe:2.3:a:vocera:report_server:*:*:*:*:*:*:*:* cpe:2.3:a:vocera:voice_server:*:*:*:*:*:*:*:* |
|
References | (MISC) https://www.stryker.com/us/en/about/governance/cyber-security/product-security/ - Not Applicable | |
First Time |
Vocera
Vocera report Server Vocera voice Server |
|
CWE | CWE-22 |
25 Jul 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-25 20:15
Updated : 2024-11-21 07:31
NVD link : CVE-2022-46900
Mitre link : CVE-2022-46900
CVE.ORG link : CVE-2022-46900
JSON object : View
Products Affected
vocera
- report_server
- voice_server
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')