CVE-2024-8584
CRITICAL
Orca HCM < 11.0 - Unauthenticated Administrator Account Creation
Title source: llm
Description
Orca HCM from LEARNING DIGITAL has a Missing Authentication vulnerability that allows an unauthenticated remote attacker to create an account with administrator privileges and subsequently use it to log in.
References (2)
Core References
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-8039-24e48-1.html
Third Party Advisory
https://www.twcert.org.tw/en/cp-139-8040-948ef-2.html
Scores
CVSS v3
9.8
EPSS
0.0068
EPSS Percentile
47.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-306
Status
published
Products (1)
learningdigital/orca_hcm
< 11.0
Published
Sep 09, 2024
Tracked Since
Feb 18, 2026