← back
CVE-2024-8584

LEARNING DIGITAL Orca HCM - Missing Authentication

CVSS 9.8 CRITICALEPSS 0.7%CWE-306
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
09 Sep 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Orca HCM from LEARNING DIGITAL has an Missing Authentication vulnerability, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
LEARNING DIGITAL · Orca HCM

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.twcert.org.tw/en/cp-139-8040-948ef-2.htmlhttps://www.twcert.org.tw/tw/cp-132-8039-24e48-1.html