Описание
The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management function without logging in, access members’ information, modify and delete the courses in system, thus causing users fail to access the learning content.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 10.0 (включая)
cpe:2.3:a:learningdigital:orca_hcm:*:*:*:*:*:*:*:*
EPSS
Процентиль: 71%
0.00692
Низкий
7.3 High
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-285
CWE-287
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management function without logging in, access members’ information, modify and delete the courses in system, thus causing users fail to access the learning content.
EPSS
Процентиль: 71%
0.00692
Низкий
7.3 High
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-285
CWE-287