From 698e1fb200e7a6fdb9222708bf0ad86e658d3ad8 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Mon, 9 Sep 2024 04:03:16 +0000
Subject: [PATCH] Auto-Update: 2024-09-09T04:00:17.944402+00:00
---
 CVE-2024/CVE-2024-85xx/CVE-2024-8584.json | 60 +++++++++++++++++++++++
 CVE-2024/CVE-2024-85xx/CVE-2024-8585.json | 60 +++++++++++++++++++++++
 CVE-2024/CVE-2024-85xx/CVE-2024-8586.json | 60 +++++++++++++++++++++++
 README.md | 15 +++---
 _state.csv | 7 ++-
 5 files changed, 193 insertions(+), 9 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-85xx/CVE-2024-8584.json
 create mode 100644 CVE-2024/CVE-2024-85xx/CVE-2024-8585.json
 create mode 100644 CVE-2024/CVE-2024-85xx/CVE-2024-8586.json
diff --git a/CVE-2024/CVE-2024-85xx/CVE-2024-8584.json b/CVE-2024/CVE-2024-85xx/CVE-2024-8584.json
new file mode 100644
index 00000000000..e58e28def6a
--- /dev/null
+++ b/CVE-2024/CVE-2024-85xx/CVE-2024-8584.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-8584",
+ "sourceIdentifier": "twcert@cert.org.tw",
+ "published": "2024-09-09T03:15:09.723",
+ "lastModified": "2024-09-09T03:15:09.723",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.twcert.org.tw/en/cp-139-8040-948ef-2.html",
+ "source": "twcert@cert.org.tw"
+ },
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-8039-24e48-1.html",
+ "source": "twcert@cert.org.tw"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-85xx/CVE-2024-8585.json b/CVE-2024/CVE-2024-85xx/CVE-2024-8585.json
new file mode 100644
index 00000000000..c5b8d6f1385
--- /dev/null
+++ b/CVE-2024/CVE-2024-85xx/CVE-2024-8585.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-8585",
+ "sourceIdentifier": "twcert@cert.org.tw",
+ "published": "2024-09-09T03:15:10.013",
+ "lastModified": "2024-09-09T03:15:10.013",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Orca HCM from LEARNING DIGITA does not properly restrict a specific parameter of the file download functionality, allowing a remote attacker with regular privileges to download arbitrary system files."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.twcert.org.tw/en/cp-139-8042-f9f26-2.html",
+ "source": "twcert@cert.org.tw"
+ },
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-8041-dfbf9-1.html",
+ "source": "twcert@cert.org.tw"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-85xx/CVE-2024-8586.json b/CVE-2024/CVE-2024-85xx/CVE-2024-8586.json
new file mode 100644
index 00000000000..bf6b7b8cf77
--- /dev/null
+++ b/CVE-2024/CVE-2024-85xx/CVE-2024-8586.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-8586",
+ "sourceIdentifier": "twcert@cert.org.tw",
+ "published": "2024-09-09T03:15:10.270",
+ "lastModified": "2024-09-09T03:15:10.270",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "WebITR from Uniong has an Open Redirect vulnerability, which allows unauthorized remote attackers to exploit this vulnerability to forge URLs. Users, believing they are accessing a trusted domain, can be redirected to another page, potentially leading to phishing attacks."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-601"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.twcert.org.tw/en/cp-139-8044-65b84-2.html",
+ "source": "twcert@cert.org.tw"
+ },
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-8043-cc323-1.html",
+ "source": "twcert@cert.org.tw"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 6656192aa44..1078634583c 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-09-08T23:55:17.201175+00:00 +2024-09-09T04:00:17.944402+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-09-08T22:15:02.170000+00:00 +2024-09-09T03:15:10.270000+00:00 ``` ### Last Data Feed Release
@@ -27,21 +27,22 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2024-09-08T00:00:08.680551+00:00 +2024-09-09T00:00:08.698231+00:00 ``` ### Total Number of included CVEs ```plain -262190 +262193 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `3` -- [CVE-2024-8582](CVE-2024/CVE-2024-85xx/CVE-2024-8582.json) (`2024-09-08T22:15:01.880`) -- [CVE-2024-8583](CVE-2024/CVE-2024-85xx/CVE-2024-8583.json) (`2024-09-08T22:15:02.170`) +- [CVE-2024-8584](CVE-2024/CVE-2024-85xx/CVE-2024-8584.json) (`2024-09-09T03:15:09.723`) +- [CVE-2024-8585](CVE-2024/CVE-2024-85xx/CVE-2024-8585.json) (`2024-09-09T03:15:10.013`) +- [CVE-2024-8586](CVE-2024/CVE-2024-85xx/CVE-2024-8586.json) (`2024-09-09T03:15:10.270`) ### CVEs modified in the last Commit
diff --git a/_state.csv b/_state.csv
index f34864c28d0..acd98f88c3a 100644
--- a/_state.csv
+++ b/_state.csv
@@ -262187,5 +262187,8 @@ CVE-2024-8577,0,0,7e19f869da858c71f188f1aba64823211fbfcb78762c13a67465bf76b52241
 CVE-2024-8578,0,0,096a1f14d0a119f5932979be87d621e12c47c1551f8cee469b1237e2adddf609,2024-09-08T19:15:10.453000
 CVE-2024-8579,0,0,5b61fca3e6c62da900f6cfe3722e02a65bb60603a5a7075ee6954ad16df05285,2024-09-08T20:15:01.757000
 CVE-2024-8580,0,0,83fb66279dff8ea011f4d5d88b4febe2733dd0448e87ae4ecd8fa9527098cba7,2024-09-08T21:15:11.107000
-CVE-2024-8582,1,1,67a4980358b5e4adffce029e3ac5423cc013c873f34678a8d70da78e0c6f5864,2024-09-08T22:15:01.880000
-CVE-2024-8583,1,1,3c96ee7ba92a4e815cead6d16b996fea7e7d08a332139bcb43d876b5cda8f21f,2024-09-08T22:15:02.170000
+CVE-2024-8582,0,0,67a4980358b5e4adffce029e3ac5423cc013c873f34678a8d70da78e0c6f5864,2024-09-08T22:15:01.880000
+CVE-2024-8583,0,0,3c96ee7ba92a4e815cead6d16b996fea7e7d08a332139bcb43d876b5cda8f21f,2024-09-08T22:15:02.170000
+CVE-2024-8584,1,1,a433270648b67cb4a6f64021dda0b51d46ea4d0cb77a74019fcbc53743ee16d0,2024-09-09T03:15:09.723000
+CVE-2024-8585,1,1,85442c0ce682a6ffef38ff7c2259428e18dbe5a94026cd1bbbbb4c4a97eab2af,2024-09-09T03:15:10.013000
+CVE-2024-8586,1,1,919e77d404085a33d8dc17cc7f8d4a1dd97fbb714df91bb07563e15a87272b63,2024-09-09T03:15:10.270000