CVE-2022-46900 – Securifera

CVE-2022-46900b0yd2023-07-12T17:16:46+00:00

SUMMARY

The following vulnerability was found in Vocera Report Console.

CVE-2022-46900

Vocera Report Console contains an access control vulnerability when accessing privileged database operations from the web endpoint of the Report Console software on versions before 5.6.0

CVSS 3.1

9.1 (Critical) – CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AFFECTED PRODUCTS

Vocera Report Console <= 5.6.0

SOFTWARE FIXES

Update to the latest version of Vocera Report Console.

TIMELINE

10.20.2022

Notified vendor of vulnerability

10.25.2022

Vendor acknowledges vulnerability

12.16.2022

Vulnerabilities confirmed & CVEs reserved

01.20.2023

Patches Released

02.27.2023

Vendor delays public disclosure

03.27.2023

Public disclosure

ACKNOWLEDGEMENTS

Ryan Wincey (b0yd)

REFERENCES