← back
CVE-2021-35968

Learningdigital.com, Inc. Orca HCM - Path Traversal-2

CVSS 4.3 MEDIUMEPSS 1.0%CWE-22
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 1.0%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
19 Jul 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The directory list page parameter of the Orca HCM digital learning platform fails to filter special characters properly. Remote attackers can access the system directory thru Path Traversal with users’ privileges.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
Learningdigital.com, Inc. · Orca HCM

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25https://www.twcert.org.tw/tw/cp-132-4928-7e87b-1.html