An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This includes system tasks, and backing up, loading, and clearing of the database.
CPE | Name | Operator | Version |
---|---|---|---|
report_server | ge | 5.0.0 | |
report_server | le | 5.8.0.135 | |
voice_server | ge | 5.0.0 | |
voice_server | le | 5.8.0.135 |