Lucene search

[email protected]CVE-2022-46901

HistoryJul 25, 2023 - 8:15 p.m.

CVE-2022-46901

2023-07-2520:15:13

CWE-668

[email protected]

web.nvd.nist.gov

2353

cve-2022-46901

vocera

report server

voice server

access control violation

database operations

websocket interface

unauthenticated execution

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.9%

JSON

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This includes system tasks, and backing up, loading, and clearing of the database.

Affected configurations

NVD

Node

vocerareport_serverRange5.0.0–5.8.0.135

voceravoice_serverRange5.0.0–5.8.0.135

CPENameOperatorVersion
vocera:report_servervocera report serverle5.8.0.135
vocera:voice_servervocera voice serverle5.8.0.135

CPE	Name	Operator	Version
vocera:report_server	vocera report server	le	5.8.0.135
vocera:voice_server	vocera voice server	le	5.8.0.135

References

www.stryker.com/us/en/about/governance/cyber-security/product-security/

www.stryker.com/us/en/about/governance/cyber-security/product-security/vocera-report-server-vulnerabilities--cve-2022-46898--cve-2022-4.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.9%

JSON

Related for CVE-2022-46901

cvelist1 nvd1 prion1