SUMMARY

The following vulnerability was found in Vocera Report Console.

CVE-2022-46898

Vocera Report Console contains an arbitrary file upload vulnerability in the web management interface of the Report Console software on versions before 5.6.0

CVSS 3.1

5.3 (Medium) – CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AFFECTED PRODUCTS

  • Vocera Report Console <= 5.6.0

SOFTWARE FIXES

Update to the latest version of Vocera Report Console.

TIMELINE

10.20.2022

Notified vendor of vulnerability

10.25.2022

Vendor acknowledges vulnerability

12.16.2022

Vulnerabilities confirmed & CVEs reserved

01.20.2023

Patches Released

02.27.2023

Vendor delays public disclosure

03.27.2023

Public disclosure

ACKNOWLEDGEMENTS

  • Ryan Wincey (b0yd)

  • Travis Timmerman

REFERENCES