Vulnerability Description
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This includes system tasks, and backing up, loading, and clearing of the database.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vocera | Report Server | >= 5.0.0, <= 5.8.0.135 |
| Vocera | Voice Server | >= 5.0.0, <= 5.8.0.135 |
Related Weaknesses (CWE)
References
- https://www.stryker.com/us/en/about/governance/cyber-security/product-security/ (Not Applicable)
- https://www.stryker.com/us/en/about/governance/cyber-security/product-security/v (Third Party Advisory)
FAQ
What is CVE-2022-46901?
CVE-2022-46901 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface...
How severe is CVE-2022-46901?
CVE-2022-46901 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-46901?
Check the references section above for vendor advisories and patch information. Affected products include: Vocera Report Server, Vocera Voice Server.