The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management function without logging in, access members’ information, modify and delete the courses in system, thus causing users fail to access the learning content.
References
Link | Resource |
---|---|
https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25 | Third Party Advisory |
https://www.twcert.org.tw/tw/cp-132-4924-f74d5-1.html | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: twcert
Published: 2021-07-19T00:00:00
Updated: 2021-07-19T11:55:40
Reserved: 2021-06-30T00:00:00
Link: CVE-2021-35964
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-07-19T12:15:08.410
Modified: 2022-10-27T12:25:44.663
Link: CVE-2021-35964
JSON object: View
Redhat Information
No data.