Stryker Vocera Report Server and Voice Server Vulnerabilities


Security vulnerabilities have been identified impacting the Vocera Voice Server (VS) and Vocera Report Server (VRS) web consoles. Impacted product versions contain vulnerabilities that could allow an attacker to upload arbitrary files to the server and potentially execute unauthenticated tasks as a privileged user. An attacker would require network access to the Vocera servers' admin console or report console to exploit these vulnerabilities. The vulnerabilities are described in the following CVEs:

  • CVE-2022-46898: Arbitrary File Upload
  • CVE-2022-46899: Path Traversal in Task Exec Filename
  • CVE-2022-46900: Access Control Violation on Database Operations
  • CVE-2022-46901: Path Traversal in restore SQL data filename
  • CVE-2022-46902: Path Traversal on Unzip operation

Products Impacted: Vocera Platform 5.x
Components Impacted:

  • Vocera Report Server - Versions and earlier
  • Vocera Voice Server - Versions and earlier

These vulnerabilities are fixed as of version and can be resolved by upgrading to the latest version of software. Customers of the impacted products have been directly notified of these vulnerabilities and the related software update. To date, no incident or breach has been reported related to these vulnerabilities. For further information, contact Vocera Support.
