An issue exists in Vocera Report Server and Voice Server 5.x up to and including 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to modify these entries and set the executable path and parameters.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vocera voice server |
||
vocera report server |