CVE-2021-35968
MEDIUMOrca HCM < 10.0 - Path Traversal via Directory List Page Parameter
Title source: llmDescription
The directory list page parameter of the Orca HCM digital learning platform fails to filter special characters properly. Remote attackers can access the system directory thru Path Traversal with users’ privileges.
References (2)
Core 2
Core References
Not Applicable x_refsource_misc
https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25
Third Party Advisory x_refsource_misc
https://www.twcert.org.tw/tw/cp-132-4928-7e87b-1.html
Scores
CVSS v3
4.3
EPSS
0.0103
EPSS Percentile
59.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
learningdigital/orca_hcm
< 10.0
Published
Jul 19, 2021
Tracked Since
Feb 18, 2026