Описание
Orca HCM from LEARNING DIGITAL has an Missing Authentication vulnerability, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 11.0 (исключая)
cpe:2.3:a:learningdigital:orca_hcm:*:*:*:*:*:*:*:*
EPSS
Процентиль: 69%
0.0061
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-306
NVD-CWE-Other
Связанные уязвимости
CVSS3: 9.8
github
больше 1 года назад
Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in.
EPSS
Процентиль: 69%
0.0061
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-306
NVD-CWE-Other