← back
CVE-2024-8584

LEARNING DIGITAL Orca HCM - Missing Authentication

CVSS 9.8 CRITICALEPSS 0.7%CWE-306
Orca HCM from LEARNING DIGITAL has an Missing Authentication vulnerability, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
LEARNING DIGITAL · Orca HCM

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.twcert.org.tw/en/cp-139-8040-948ef-2.htmlhttps://www.twcert.org.tw/tw/cp-132-8039-24e48-1.html