Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in. ( The vendor is currently addressing the vulnerability. Once the fix is completed, we will provide information on the affected versions.)
References
Link | Resource |
---|---|
https://www.twcert.org.tw/en/cp-139-8040-948ef-2.html | Third Party Advisory |
https://www.twcert.org.tw/tw/cp-132-8039-24e48-1.html | Third Party Advisory |
Configurations
History
13 Sep 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in. ( The vendor is currently addressing the vulnerability. Once the fix is completed, we will provide information on the affected versions.) |
11 Sep 2024, 15:54
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.twcert.org.tw/en/cp-139-8040-948ef-2.html - Third Party Advisory | |
References | () https://www.twcert.org.tw/tw/cp-132-8039-24e48-1.html - Third Party Advisory | |
CWE | NVD-CWE-Other | |
First Time |
Learningdigital
Learningdigital orca Hcm |
|
CPE | cpe:2.3:a:learningdigital:orca_hcm:*:*:*:*:*:*:*:* |
09 Sep 2024, 13:03
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
09 Sep 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-09 03:15
Updated : 2024-09-13 10:15
NVD link : CVE-2024-8584
Mitre link : CVE-2024-8584
CVE.ORG link : CVE-2024-8584
JSON object : View
Products Affected
learningdigital
- orca_hcm
CWE