Unauthenticated Remote Access and Data Manipulation Vulnerability in Orca HCM Digital Learning Platform

Unauthenticated Remote Access and Data Manipulation Vulnerability in Orca HCM Digital Learning Platform

CVE-2021-35964 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management function without logging in, access members’ information, modify and delete the courses in system, thus causing users fail to access the learning content.

Learn more about our E Learning Pen Testing.