CVE-2021-35967

Description

The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Remote attackers can access the system directory thru Path Traversal without logging in.

Related CPE's

Could not find any relations

References

https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25

https://www.twcert.org.tw/tw/cp-132-4927-bbf01-1.html

CvssV3 impact

BaseSeverity	MEDIUM
ConfidentialityImpact	LOW
AttackComplexity	LOW
Scope	UNCHANGED
AttackVector	NETWORK
AvailabilityImpact	NONE
IntegrityImpact	NONE
PrivilegesRequired	NONE
BaseScore	5.3
VectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Version	3.1
UserInteraction	NONE

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io