Lucene search
TwcertCVE-2024-8585HistorySep 09, 2024 - 3:15 a.m.
CVE-2024-8585
2024-09-0903:15:10
CWE-22
twcert
web.nvd.nist.gov
25
orca hcm
file download
vulnerability
remote attacker
system files
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
19.7%
Orca HCM from LEARNING DIGITA does not properly restrict a specific parameter of the file download functionality, allowing a remote attacker with regular privileges to download arbitrary system files.
Affected configurations
Node
learningdigitalorca_hcmRange<11.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| learningdigital | orca_hcm | * | cpe:2.3:a:learningdigital:orca_hcm:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Orca HCM",
"vendor": "LEARNING DIGITAL",
"versions": [
{
"lessThan": "11.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2024-8585 LEARNING DIGITAL Orca HCM - Arbitrary File Download
2024-09-09 03:03:59
nvd
nvd
CVE-2024-8585
2024-09-09 03:15:10
cvelist
cvelist
CVE-2024-8585 LEARNING DIGITAL Orca HCM - Arbitrary File Download
2024-09-09 03:03:59
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
19.7%
Related for CVE-2024-8585