CVE-2024-8584

Sept. 13, 2024, 10:15 a.m.

9.8
Critical

Description

Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in. ( The vendor is currently addressing the vulnerability. Once the fix is completed, we will provide information on the affected versions.)

Product(s) Impacted

Vendor Product Versions
Learningdigital
  • Orca Hcm
  • *

Weaknesses

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

*CPE(s)

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a learningdigital orca_hcm / / / / / / / /

References

https://www.twcert.org.tw/en/cp-139-8040-948ef-2.html
https://www.twcert.org.tw/tw/cp-132-8039-24e48-1.html

Tags

CWE-284
twcert@cert.org.tw
NVD-CWE-Other
2024-09-09
CVE-2024-8584

CVSS Score

9.8 / 10

CVSS Data

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
    • View Vector String

    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Date

  • Published: Sept. 9, 2024, 3:15 a.m.
  • Last Modified: Sept. 13, 2024, 10:15 a.m.

Status : Modified

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

twcert@cert.org.tw

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.