CVE-2024-8584

{"id": "CVE-2024-8584", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-09-09T03:15:09.723", "references": [{"url": "https://www.twcert.org.tw/en/cp-139-8040-948ef-2.html", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.twcert.org.tw/tw/cp-132-8039-24e48-1.html", "tags": ["Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-306"}]}, {"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Orca HCM from LEARNING DIGITAL has an Missing Authentication vulnerability, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in."}, {"lang": "es", "value": "Orca HCM de LEARNING DIGITAL no restringe adecuadamente el acceso a una funcionalidad espec\u00edfica, lo que permite que un atacante remoto no autenticado explote esta funcionalidad para crear una cuenta con privilegios de administrador y posteriormente usarla para iniciar sesi\u00f3n."}], "lastModified": "2025-02-17T04:15:08.240", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:learningdigital:orca_hcm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C124B76-9742-4EC2-93D5-B34039A6159E", "versionEndExcluding": "11.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}