mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
100 lines
3.2 KiB
JSON
100 lines
3.2 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"AKA": "TWCERT/CC",
|
|
"ASSIGNER": "cve@cert.org.tw",
|
|
"DATE_PUBLIC": "2021-07-19T11:36:00.000Z",
|
|
"ID": "CVE-2021-35968",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "Learningdigital.com, Inc. Orca HCM - Path Traversal-2"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Orca HCM",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<=",
|
|
"version_value": "10.0"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Learningdigital.com, Inc."
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "The directory list page parameter of the Orca HCM digital learning platform fails to filter special characters properly. Remote attackers can access the system directory thru Path Traversal with users\u2019 privileges."
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.0.9"
|
|
},
|
|
"impact": {
|
|
"cvss": {
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.3,
|
|
"baseSeverity": "MEDIUM",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "NONE",
|
|
"privilegesRequired": "LOW",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
|
|
"version": "3.1"
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25",
|
|
"name": "https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25"
|
|
},
|
|
{
|
|
"refsource": "MISC",
|
|
"url": "https://www.twcert.org.tw/tw/cp-132-4928-7e87b-1.html",
|
|
"name": "https://www.twcert.org.tw/tw/cp-132-4928-7e87b-1.html"
|
|
}
|
|
]
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Update Orca HCM to version 10.9"
|
|
}
|
|
],
|
|
"source": {
|
|
"advisory": "TVN-202107009",
|
|
"discovery": "EXTERNAL"
|
|
}
|
|
} |