High severity7.5NVD Advisory· Published Jul 25, 2023· Updated Jun 17, 2026
CVE-2022-46899
CVE-2022-46899
Description
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Arbitrary File Upload. The BaseController class, that each of the service controllers derives from, allows for the upload of arbitrary files. If the HTTP request is a multipart/form-data POST request, any parameters with a filename entry will have their content written to a file in the Vocera upload-staging directory with the specified filename in the parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Vocera/Report Server and Voice Serverdescription
- Range: 5.x - 5.8
- Range: 5.x - 5.8
- Range: 5.x - 5.8
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.