CVE-2021-35966 — MEDIUM (6.1)

Q: How severe is CVE-2021-35966?

CVE-2021-35966 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-35966?

Check the references section above for vendor advisories and patch information. Affected products include: Learningdigital Orca Hcm.

Vulnerability Description

The specific function of the Orca HCM digital learning platform does not filter input parameters properly, which causing the URL can be redirected to any website. Remote attackers can use the vulnerability to execute phishing attacks.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Learningdigital	Orca Hcm	<= 10.0

Related Weaknesses (CWE)

CWE-601

References

https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25Not Applicable
https://www.twcert.org.tw/tw/cp-132-4926-dc06b-1.htmlThird Party Advisory
https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25Not Applicable
https://www.twcert.org.tw/tw/cp-132-4926-dc06b-1.htmlThird Party Advisory

FAQ

What is CVE-2021-35966?

CVE-2021-35966 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The specific function of the Orca HCM digital learning platform does not filter input parameters properly, which causing the URL can be redirected to any website. Remote attackers can use the vulnerab...

How severe is CVE-2021-35966?

CVE-2021-35966 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-35966?

Check the references section above for vendor advisories and patch information. Affected products include: Learningdigital Orca Hcm.