← back
CVE-2021-35967

Learningdigital.com, Inc. Orca HCM - Path Traversal-1

CVSS 5.3 MEDIUMEPSS 1.3%CWE-22
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS 1.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
19 Jul 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Remote attackers can access the system directory thru Path Traversal without logging in.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
Learningdigital.com, Inc. · Orca HCM

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25https://www.twcert.org.tw/tw/cp-132-4927-bbf01-1.html