We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-8584

LEARNING DIGITAL Orca HCM - Improper Access Control



Description

Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in. ( The vendor is currently addressing the vulnerability. Once the fix is completed, we will provide information on the affected versions.)

Reserved 2024-09-09 | Published 2024-09-09 | Updated 2024-09-13 | Assigner twcert


CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Product status

Default status
unknown

Any version
affected

References

www.twcert.org.tw/tw/cp-132-8039-24e48-1.html third-party-advisory

www.twcert.org.tw/en/cp-139-8040-948ef-2.html third-party-advisory

cve.org (CVE-2024-8584)

nvd.nist.gov (CVE-2024-8584)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-8584

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.