CVEブラウザに戻る

CVE-2021-35965

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1720%

EPSS Percentile8.65th

Published2021年7月19日

Last Modified2024年11月21日

Vulnerability Description

The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text, thus remote attackers can obtain administrator’s privilege without logging in.

Affected Platforms (CPE)

📦

Learningdigital

Orca Hcm

<= 10.0

References & Advisories

🔗 https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25

🔗 https://www.twcert.org.tw/tw/cp-132-4925-86733-1.html

🔗 https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25

🔗 https://www.twcert.org.tw/tw/cp-132-4925-86733-1.html

関連する脆弱性情報

CVE-2021-359639.8

The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remo...

CVE-2021-359647.3

The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attacker...

CVE-2021-359666.1

The specific function of the Orca HCM digital learning platform does not filter input parameters properly, which causing the URL c...

CVE-2021-359675.3

The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Remote attackers can ac...