CVE-2021-35964
HIGH
Orca HCM < 10.0 - Unauthenticated Improper Authentication
Title source: llm
Description
The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute management functions without logging in, access members’ information, and modify and delete courses in the system, thus preventing users from accessing the learning content.
References (2)
Core References
Third Party Advisory x_refsource_misc
https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-4924-f74d5-1.html
Scores
CVSS v3
7.3
EPSS
0.0109
EPSS Percentile
60.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-285
CWE-287
Status
published
Products (1)
learningdigital/orca_hcm
< 10.0
Published
Jul 19, 2021
Tracked Since
Feb 18, 2026