Vulnerability Description
The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management function without logging in, access members’ information, modify and delete the courses in system, thus causing users fail to access the learning content.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Learningdigital | Orca Hcm | <= 10.0 |
Related Weaknesses (CWE)
References
- https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25Third Party Advisory
- https://www.twcert.org.tw/tw/cp-132-4924-f74d5-1.htmlThird Party Advisory
- https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25Third Party Advisory
- https://www.twcert.org.tw/tw/cp-132-4924-f74d5-1.htmlThird Party Advisory
FAQ
What is CVE-2021-35964?
CVE-2021-35964 is a vulnerability with a CVSS score of 7.3 (HIGH). The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management function without logging in, access member...
How severe is CVE-2021-35964?
CVE-2021-35964 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-35964?
Check the references section above for vendor advisories and patch information. Affected products include: Learningdigital Orca Hcm.