Home

Description

Orca HCM from LEARNING DIGITAL has an Missing Authentication vulnerability, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in.

PUBLISHED Reserved 2024-09-09 | Published 2024-09-09 | Updated 2025-02-21 | Assigner twcert




CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-306 Missing Authentication for Critical Function

Product status

Default status
unknown

Any version before 11.0
affected

References

www.twcert.org.tw/tw/cp-132-8039-24e48-1.html third-party-advisory

www.twcert.org.tw/en/cp-139-8040-948ef-2.html third-party-advisory

cve.org (CVE-2024-8584)

nvd.nist.gov (CVE-2024-8584)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.