Design/Logic Flaw

2023-07-2520:15:00

PRIOn knowledge base

www.prio-n.com

vocera report server

voice server

arbitrary file upload

basecontroller class

http request

multipart/form-data

vocera upload-staging directory

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.0%

JSON

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Arbitrary File Upload. The BaseController class, that each of the service controllers derives from, allows for the upload of arbitrary files. If the HTTP request is a multipart/form-data POST request, any parameters with a filename entry will have their content written to a file in the Vocera upload-staging directory with the specified filename in the parameter.

CPENameOperatorVersion
report_serverge5.0.0
report_serverle5.8.0.135
voice_serverge5.0.0
voice_serverle5.8.0.135

Name	Operator	Version
report_server	ge	5.0.0
report_server	le	5.8.0.135
voice_server	ge	5.0.0
voice_server	le	5.8.0.135

References

www.stryker.com/us/en/about/governance/cyber-security/product-security/

www.stryker.com/us/en/about/governance/cyber-security/product-security/vocera-report-server-vulnerabilities--cve-2022-46898--cve-2022-4.html