An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This includes system tasks, and backing up, loading, and clearing of the database.
Metrics
Affected Vendors & Products
References
History
Wed, 23 Oct 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-07-25T00:00:00
Updated: 2024-10-23T20:32:02.135Z
Reserved: 2022-12-09T00:00:00
Link: CVE-2022-46901
Vulnrichment
Updated: 2024-08-03T14:47:27.859Z
NVD
Status : Modified
Published: 2023-07-25T20:15:13.157
Modified: 2024-11-21T07:31:16.630
Link: CVE-2022-46901
Redhat
No data.