Vulnerability Description
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to modify these entries and set the executable path and parameters.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vocera | Report Server | >= 5.0.0, <= 5.8.0.135 |
| Vocera | Voice Server | >= 5.0.0, <= 5.8.0.135 |
Related Weaknesses (CWE)
References
- https://www.stryker.com/us/en/about/governance/cyber-security/product-security/Not Applicable
- https://www.stryker.com/us/en/about/governance/cyber-security/product-security/v
- https://www.stryker.com/us/en/about/governance/cyber-security/product-security/Not Applicable
- https://www.stryker.com/us/en/about/governance/cyber-security/product-security/v
FAQ
What is CVE-2022-46900?
CVE-2022-46900 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed o...
How severe is CVE-2022-46900?
CVE-2022-46900 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-46900?
Check the references section above for vendor advisories and patch information. Affected products include: Vocera Report Server, Vocera Voice Server.