CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-35963

The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remote unauthenticated attackers to upload files containing malicious script to execute RCE attacks.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.021

EPSS Ranking 83.4%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25
https://www.twcert.org.tw/tw/cp-132-4923-d68e6-1.html
https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25
https://www.twcert.org.tw/tw/cp-132-4923-d68e6-1.html

Products affected by CVE-2021-35963

Learningdigital » Orca Hcm » Version: N/A

cpe:2.3:a:learningdigital:orca_hcm:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-35963

Products

Pricing

Contact Us