CyberSec.Space Logo
Back to CVE Browser

CVE-2021-35965

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1720%
EPSS Percentile8.65th
PublishedJul 19, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text, thus remote attackers can obtain administrator’s privilege without logging in.

Affected Platforms (CPE)

📦
Learningdigital

Orca Hcm

<= 10.0

References & Advisories

🔗 https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25
🔗 https://www.twcert.org.tw/tw/cp-132-4925-86733-1.html
🔗 https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25
🔗 https://www.twcert.org.tw/tw/cp-132-4925-86733-1.html

Related Vulnerabilities

CVE-2021-359639.8

The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remo...

CVE-2021-359647.3

The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attacker...

CVE-2021-359666.1

The specific function of the Orca HCM digital learning platform does not filter input parameters properly, which causing the URL c...

CVE-2021-359675.3

The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Remote attackers can ac...