CVE-2021-35967

Description

The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Remote attackers can access the system directory thru Path Traversal without logging in.

Related CPE's

Could not find any relations

CvssV3 impact

BaseSeverity

MEDIUM

ConfidentialityImpact

LOW

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

NONE

IntegrityImpact

NONE

PrivilegesRequired

NONE

BaseScore

5.3

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Version

3.1

UserInteraction

NONE

CvssV2 impact

Could not find any metrics