Lucene search

TwcertCVE-2024-8584

HistorySep 09, 2024 - 3:15 a.m.

CVE-2024-8584

2024-09-0903:15:09

CWE-284

twcert

web.nvd.nist.gov

orca hcm

learning digital

unauthenticated remote attacker

administrator privilege

account creation

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

39.7%

JSON

Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in. ( The vendor is currently addressing the vulnerability. Once the fix is completed, we will provide information on the affected versions.)

Affected configurations

Nvd

Node

learningdigitalorca_hcmRange<11.0

VendorProductVersionCPE
learningdigitalorca_hcm*cpe:2.3:a:learningdigital:orca_hcm:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
learningdigital	orca_hcm	*	cpe:2.3:a:learningdigital:orca_hcm::::::::

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "Orca HCM",
    "vendor": "LEARNING DIGITAL",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.twcert.org.tw/en/cp-139-8040-948ef-2.html

www.twcert.org.tw/tw/cp-132-8039-24e48-1.html

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

39.7%

JSON

Related for CVE-2024-8584