Vulnerability Details CVE-2021-35968
The directory list page parameter of the Orca HCM digital learning platform fails to filter special characters properly. Remote attackers can access the system directory thru Path Traversal with users’ privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.4%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
Products affected by CVE-2021-35968
-
cpe:2.3:a:learningdigital:orca_hcm:-