go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

Learningdigital.com, Inc. Orca HCM - Path Traversal-1

TVN ID TVN-202107008
CVE ID CVE-2021-35967
CVSS 5.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products Learningdigital.com, Inc. Orca HCM version 10.0
Description The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Remote attackers can access the system directory thru Path Traversal without logging in.
Solution Update Orca HCM to version 10.9
Credit Jia-Rong Chen
Public Date 2021-07-19

Links

  1. CVE-2021-35967
  2. https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25
Top