An issue exists in Vocera Report Server and Voice Server 5.x up to and including 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This includes system tasks, and backing up, loading, and clearing of the database.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vocera voice server |
||
vocera report server |