PT-2023-15101 · Vocera · Vocera Voice Server

Published: 2023-07-25 · Updated: 2024-10-29 · CVE-2022-46900

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Vocera Report Server and Voice Server versions 5.x through 5.8

Description

An issue was discovered in the software, allowing Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs executed on the server at specified intervals, such as backup. An authenticated user can modify these entries, setting the executable path and parameters.

Recommendations

For versions 5.x through 5.8, consider restricting access to the Task Exec filename to prevent Path Traversal attacks. As a temporary workaround, limit the ability of authenticated users to modify job entries in the Vocera Report Console. Restrict the setting of executable paths and parameters to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2022-46900

Affected Products

Vocera Report Console
Vocera Report Server
Vocera Voice Server