CVE-2022-46901 – Securifera

CVE-2022-46901b0yd2023-07-12T17:12:30+00:00

SUMMARY

The following vulnerability was found in Vocera Report Console.

CVE-2022-46901

Vocera Report Console contains a path traversal vulnerability in the SQL import web endpoint in the Report Console software on versions before 5.6.0

CVSS 3.1

9.1 (Critical) – CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AFFECTED PRODUCTS

Vocera Report Console <= 5.6.0

SOFTWARE FIXES

Update to the latest version of Vocera Report Console.

TIMELINE

10.20.2022

Notified vendor of vulnerability

10.25.2022

Vendor acknowledges vulnerability

12.16.2022

Vulnerabilities confirmed & CVEs reserved

01.20.2023

Patches Released

02.27.2023

Vendor delays public disclosure

03.27.2023

Public disclosure

ACKNOWLEDGEMENTS

Ryan Wincey

REFERENCES