exploitDog

CVE-2022-46901

Опубликовано: 25 июл. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This includes system tasks, and backing up, loading, and clearing of the database.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vocera:report_server:*:*:*:*:*:*:*:*

Версия от 5.0.0 (включая) до 5.8.0.135 (включая)

cpe:2.3:a:vocera:voice_server:*:*:*:*:*:*:*:*

Версия от 5.0.0 (включая) до 5.8.0.135 (включая)

EPSS

Процентиль: 27%

0.00096

Низкий

7.5 High

CVSS3

Дефекты

CWE-668

Связанные уязвимости

GHSA-9476-hgjr-4g2q

CVSS3: 7.5

github

больше 2 лет назад

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This includes system tasks, and backing up, loading, and clearing of the database.

EPSS

Процентиль: 27%

0.00096

Низкий

7.5 High

CVSS3

Дефекты

CWE-668