exploitDog

CVE-2021-35966

Опубликовано: 19 июл. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 5.8

EPSS Низкий

Описание

The specific function of the Orca HCM digital learning platform does not filter input parameters properly, which causing the URL can be redirected to any website. Remote attackers can use the vulnerability to execute phishing attacks.

Ссылки

https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25
Not Applicable
https://www.twcert.org.tw/tw/cp-132-4926-dc06b-1.html
Third Party Advisory
https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25
Not Applicable
https://www.twcert.org.tw/tw/cp-132-4926-dc06b-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:learningdigital:orca_hcm:*:*:*:*:*:*:*:*

Версия до 10.0 (включая)

EPSS

Процентиль: 39%

0.00177

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-3cvx-wrcf-56r2

github

больше 3 лет назад

The specific function of the Orca HCM digital learning platform does not filter input parameters properly, which causing the URL can be redirected to any website. Remote attackers can use the vulnerability to execute phishing attacks.

EPSS

Процентиль: 39%

0.00177

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601