CVE-2024-8584
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Orca HCM from LEARNING DIGITAL has an Missing Authentication vulnerability, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| LEARNING DIGITAL | Orca HCM | 0 < 11.0 | affected |
Weaknesses
- CWE-306: CWE-306 Missing Authentication for Critical Function
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.twcert.org.tw/tw/cp-132-8039-24e48-1.html
- https://www.twcert.org.tw/en/cp-139-8040-948ef-2.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.