go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

Learningdigital.com, Inc. Orca HCM - Path Traversal-2

TVN ID TVN-202107009
CVE ID CVE-2021-35968
CVSS 4.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products Learningdigital.com, Inc. Orca HCM version 10.0
Description The directory list page parameter of the Orca HCM digital learning platform fails to filter special characters properly. Remote attackers can access the system directory thru Path Traversal with users’ privileges.
Solution Update Orca HCM to version 10.9
Credit Jia-Rong Chen
Public Date 2021-07-19

Links

  1. CVE-2021-35968
  2. https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25
Top