Unauthenticated Access Control Violation in Vocera Report Server and Voice Server

Unauthenticated Access Control Violation in Vocera Report Server and Voice Server

CVE-2022-46901 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This includes system tasks, and backing up, loading, and clearing of the database.

Learn more about our Web App Pen Testing.