SUMMARY
The following vulnerability was found in Vocera Report Console.
CVE-2022-46902
Vocera Report Console contains a path traversal vulnerability in the unzip operation (ZipSlip) of the SQL import web endpoint in the Report Console software on versions before 5.6.0
CVSS 3.1
10 (Critical) – CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AFFECTED PRODUCTS
SOFTWARE FIXES
Update to the latest version of Vocera Report Console.
TIMELINE
ACKNOWLEDGMENTS
REFERENCES